Posted in: In this week's e-newsletter, Latest News & Views, Security
It’s not just malicious websites and e-mail attachments anymore. These days, cybercriminals are using another method to spread malware:
Infected USB hardware.
That’s the warning contained in a recent report by security firm PandaLabs. A quarter of all new worms being discovered by Panda are designed specifically to spread via USB drives.
And of the companies surveyed that had been victimized by malware in the past year, 27% said the source was an infected USB drive that was plugged into a computer on their network.
A few high-profile cases also show the dangers of USB devices:
- The U.S. Department of Defense recently announced the cause of a large 2008 data breach: A USB flash drive containing a virus created by a foreign intelligence body was plugged into a laptop at a military base.
- In May, IBM apologized after it was was discovered some of the free USB thumb drives the company handed out at a security conference in Australia contained viruses.
- Two years ago, millions of computers were infected with the Conficker worm, which spread primarily through USB devices.
To keep malware from USB drives off of your network, experts recommend:
- disabling USB ports for users who don’t need them
- disabling auto-play for USB drives
- requiring drives and other devices to be approved by IT before they’re used, and
- training users not to use drives if they don’t know where they came from, and not to open unknown files contained on drives.