According to new research from Centennial Software removable devices are the single biggest threat to company data so far in 2007, yet four out of five businesses are failing to defend themselves. The research resulted from a survey undertaken at this year's Infosecurity Europe, and discovered that just 16 percent of those asked use software to manage the potential data leakage and network infection risks associated with removable devices. Almost half use no security controls whatsoever, while 27 percent rely purely on managerial discretion. But removable devices are seen as a bigger threat, and nominated by 38 percent of respondents as such, than malware on 22 percent or Web viruses with 23 per cent. The first time that removable devices have taken the top spot in the security threat stakes during Centennial surveys.
"The business world seems to be burying its head in the sand over the risks that removable devices pose. And this is almost akin to a masochistic tendency, particularly in a corporate environment," Matt Fisher, Centennial Vice President told DaniWeb. "Companies are aware how dangerous these devices are to their data security, yet they seem reluctant to implement practical solutions."
So it should come as no surprise that Walk-in Intellectual Property Poaching (WIPP) is becoming increasingly common. If people can simply walk in and remove data without proper constraints they are going to do it."In contrast with viruses and malware, data can be physically stolen using USBs, MP3 players and other removable devices." Fisher commented "Companies spend millions fighting the so-called 'invisible threats' but ignore what they freely admit is their top concern. By tackling WIPP head on, businesses can interrupt a cycle that can only result in business pain."
Of course, the removable drive problem does not end there. Another security trend on the up is the social engineering hacker ploy of USB seeding. With USB thumb drives, memory sticks or whatever you want to call them, becoming so cheap as to be thought of as throwaway items, that's exactly what the criminal gangs are doing. By dropping a USB stick outside a target office, or within a bar or café where target employees are known to socialise, it is relatively easy to get a Remote Access Trojan, worm or some kind of Trojan dropper onto a poorly protected network. Human curiosity and greed are such that the fact someone will pick it up and stick it in back at the office is almost a given.
Now IT security and control firm Sophos is warning companies of a family of worms that spreads by copying itself onto removable drives such as USB memory sticks, and then automatically runs when the device is next connected to a computer. The SillyFD-AA worm hunts for removable drives such as floppy disks and USB memory sticks, and then creates a hidden file called autorun.inf to ensure a copy of the worm is run the next time it is plugged into a Windows PC. It also changes the title of Internet Explorer windows to append the phrase "Hacked by 1BYTE".
Graham Cluley, senior technology consultant for Sophos told Daniweb "computer owners should tread very carefully when plugging an unknown device into their PC, however, as it could have malicious code planted on it. With a significant rise in financially motivated malware it could be an obvious backdoor into a company for criminals bent on targeting a specific business with their malicious code. In this example, changing the title of the Internet Explorer browser's windows should be a pretty clear sign to most people that something strange is afoot. It also indicates that this particular variant of the worm has not been written with completely clandestine intentions. A more savvy internet criminal would have not made it so obvious that the PC has been broken into, but silently steal from the PC without leaving such an obvious clue."
Sophos experts advise that users disable the autorun facility of Windows so removable devices such as USB keys and CD ROMs do not automatically launch when they are attached to a PC. Any storage device which is attached to a computer should be checked for virus and other malware before use. Floppy disks, CD ROMs, USB keys, external hard drives and other devices are all capable of carrying malicious code which could infect the computers of innocent users. Sophos recommends companies automatically update their corporate virus protection, and defend their users with a consolidated solution to defend against the threats of viruses, spyware, hackers and spam.
More information and a graphic of the Internet Explorer window can be found here.
