The recent admission by a top Department of Defense official that a classified network was compromised in 2008 through an infected USB drive has brought the spotlight back onto the myriad threats that these portable devices pose to corporate networks.
The security community has been wary of USB drives for some time now, with some IT departments going so far as to permanently disable the USB ports on users’ machines. And the Pentagon famously ordered a complete ban of the devices a couple of years ago because of an unspecified security incident. Now we know that incident was the compromise of a classified network by a USB drive containing malware. The extraordinary public admission of this fact by the Pentagon last week raised a number of questions, among them the question of whether the potential dangers of USB drives outweigh the benefits.
For some, the answer to that may well be yes, as DarkReading’s Rob Lemos points out.
While many companies worry about the software-based security
vulnerabilities present in their networks and systems, far fewer have
locked down their systems against devices that can be used to steal data
or infect the network from behind the perimeter. Earlier this year, for
example, a variant of an attack program known as Stuxnet
used USB — and other methods — to spread among power companies,
stealing information on the configuration of their sensitive operational
networks.
USB drives have a lot to offer both in terms of convenience and huge storage capacity. But they also represent a serious threat, especially for uneducated users who don’t understand the ways in which they can be used to spread malicious code and siphon off valuable data.
Read DarkReading’s full story.