Leave that USB Drive Where You Found It
You come across a thumb drive, or USB drive that you don’t recognize. Maybe you find it in the car park of your building or by the copier in the office. You’re curious or you want to plug it in to identify where to return it. Don’t do it. Risks abound.rnrnConsider this jaw-dropping example. That's how the Stuxnet malware virus that hit an Iranian nuclear facility got its start. It’s believed employees at the facility plugged in a USB drive they found in the car park.rnrnFrom there the virus could reach the computers controlling the centrifuges, causing them to spin too fast and become damaged. The attackers couldn’t get in directly, as the computers were on a disconnected network.rn
Risk of Thumb Drive Attack
rnNow, you might be thinking, "but I’m not an Iranian nuclear facility." But that doesn’t prevent cybercriminals from wanting to access your network and systems. USB drives are one more way that bad actors can do so. In fact, one study found that 60 percent of people were likely to connect random thumb drives found near their building. If the business logo was on the drive, the number went up to 90 percent.rnrnUSB stands for Universal Serial Bus. Even with cloud computing, we still see these small, portable drives used universally. They are compact and convenient. That also makes them an attractive target for bad actors.rnrnHackers can pre-program USBs to act maliciously once connected to the network. They might:rn- rn
- steal a user's data; rn
- gain access to the user’s keyboard; rn
- monitor the user’s screen; rn
- encrypt user data in exchange for a ransom; rn
- spread infection. rn