How A Simple USB Stick Can Threaten Your Corporate Network

Ever found a USB stick in your letter box, at your desk or on the street? What would you do with it? Yes, you’d probably check what’s in there.

But wait…

Have you ever thought about the potential risks you could incur by exploring the content on a stranger’s USB device? Especially if the USB device is connected in an environment where sensitive information and data are available and accessible?

If not, then let me tell you about a true story which I heard from a friend a few years ago.

As you may know, business-related data theft is (unfortunately) becoming a common security risk, and in most cases the illegitimate knowledge transfer is performed through a simple USB trick.

Most USB devices belong to legitimate users, so how and why would a user insert a USB stick containing malicious code into a machine which is connected to a corporate network?

Often social engineering tricks are required to reach such targets; however, any social engineering activity can only be successful if the victim trusts you and you are able to convince him to perform the steps required to activate malicious code on the target machine.

Going ahead with the story…

One day someone placed several USB devices in or near specific cars in a car park. These cars belonged to the managers of a successful company. One of the managers who found one of these USB devices was curious enough to check what was on the device. So, without taking any precautions, he plugged the USB device into his laptop, and this automatically enabled the Trojan that was stored on the USB. It was “Game over” for the poor victim as his laptop was infected; however, the more serious part of the story is that he may well have put his company at risk without even realising it.

Any software that controls endpoint connections such as USB devices, and either grants or denies them access to the corporate system, would be of great help to an administrator in avoiding the injection of malicious code into a clean corporate network.

By blocking people from connecting unauthorised devices to the corporate network, you would prevent unnecessary risks for any company. Furthermore, implementing endpoint security software allows your administrator to be notified about any breaches of these existing company policies.

Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs.