The risks for companies resulting from cyberattacks are on the rise. This is partly due to the fact that malware can now infect networks in a number of different ways. At the same time, IT systems sometimes prove to have considerable security gaps. As a result, mobile employees are increasingly and inadvertently giving cybercriminals access to company networks. Who would expect a USB cable to be misused as a tool for phishing?
It is well known that a system’s endpoints are the most vulnerable to malware attacks. However, there is often a lack of knowledge about specific scenarios, and so employees in a company rarely know how easily they can become a target for attack. For example, attacks are increasingly being made via manipulated USB devices. These include USB sticks, charging cables, network adapters, and gadgets. Even though security researchers have been warning against weaknesses related to BadUSB for years, many users are still too inexperienced when it comes to handling such hardware.
Infected firmware in USB devices
The perfidious thing about cyberattacks made via USB interfaces is the type of infection: The malware is often concealed directly in the firmware. In this case, there is not even any need for an infected file, and manipulated sticks can be completely empty. The malware is simply executed when the respective USB device is connected, and virus scanners and firewalls are unable to register or prevent the attack. It is also possible to control the function hidden in the firmware so that the attack does not start until a later time. Regardless of which time is set, it may subsequently be possible to carry out attacks with simulated keyboard input, listen in on network traffic, or redirect it. This way, security policies can be deactivated or remote access can be started. Hackers can get to company data quickly and easily, cause deliberate damage, or prepare further attacks. There is no longer a need to crack a firewall.
When employees are targeted as attack vectors, this does not only pose a problem for the IT landscape of the company; the accompanying stress and strain experienced by the employees should also be taken seriously. Although no one can expect them to take care of IT security, they cannot simply avoid the respective risks. An employee who has inadvertently caused damage will not normally emerge entirely unscathed from the experience.
Security for companies of all sizes
Company networks are affected by security gaps all too often. Companies of all sizes should, therefore, take the necessary precautions to protect their employees and their own network. IT security should, wherever possible, be automated and centralized as part of a comprehensive security concept.
Tips to avoid USB hacker attacks
- The first thing to do is to identify the locations at which data is handled, check how the data is used, and also check which USB and storage devices and which data transfers to or from these devices could pose a security risk.
- It is advisable to block or filter access for devices, media, and interfaces with a higher risk.
- It is even better to only allow access to USB devices that have been purchased, checked, and approved by the IT department.
- Critical data with sensitive information should never be stored on unsafe devices. If no other option is available, encryption should be used at the very least.
- Data transfer anomalies should be detected, reported, and blocked in an automated manner. If malicious code is discovered, it must be blocked as swiftly as possible using post-infection measures.
- To ensure traceability in accordance with EU GDPR, it is essential to log all data transfers.
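One way to express the device allowlist, the BadUSB check, and the logging from the tips above, as an added example that is not part of the original article: a device is allowed only if IT has approved it and it exposes no interface class beyond the approved ones, and every decision is written as an audit record. The allowlist entries, device records, host name, and function names are constructed assumptions.

```python
import json
import logging

# USB-IF interface class codes (bInterfaceClass)
HID, CDC_COMM, MASS_STORAGE, CDC_DATA = 0x03, 0x02, 0x08, 0x0A
CLASS_NAMES = {HID: "HID/keyboard input", CDC_COMM: "network/modem control",
               MASS_STORAGE: "mass storage", CDC_DATA: "network data"}

# Constructed allowlist kept by IT: (vendor id, product id, serial) -> approved
# interface classes. A serial of None approves every unit of that model.
ALLOWLIST = {
    ("0a01", "1001", "SN-000123"): {MASS_STORAGE},  # one approved encrypted stick
    ("0b02", "2002", None): {HID},                  # approved keyboard model
}

def evaluate(device):
    """Return (decision, reasons) for one enumerated USB device."""
    vid, pid = device["vid"].lower(), device["pid"].lower()
    approved = ALLOWLIST.get((vid, pid, device.get("serial")))
    if approved is None:
        approved = ALLOWLIST.get((vid, pid, None))
    if approved is None:
        return "block", ["device not on IT allowlist"]
    # BadUSB check: firmware that adds a keyboard or network interface to an
    # approved storage device shows up as an interface class nobody approved.
    extra = sorted(set(device["interface_classes"]) - approved)
    if extra:
        return "block", [f"unapproved interface 0x{c:02x} ({CLASS_NAMES.get(c, 'other')})"
                         for c in extra]
    return "allow", []

def audit(device, host="ws-example"):
    """Evaluate a device and emit one JSON audit record for traceability."""
    decision, reasons = evaluate(device)
    record = {"host": host, "vid": device["vid"], "pid": device["pid"],
              "serial": device.get("serial"), "decision": decision, "reasons": reasons}
    logging.getLogger("usb-audit").info(json.dumps(record))
    return record

# Constructed sample enumeration events
SAMPLE_EVENTS = [
    {"vid": "0a01", "pid": "1001", "serial": "SN-000123", "interface_classes": [0x08]},
    {"vid": "0a01", "pid": "1001", "serial": "SN-000123", "interface_classes": [0x08, 0x03]},
    {"vid": "0c03", "pid": "3003", "serial": None, "interface_classes": [0x02, 0x0A]},
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO, format="%(message)s")
    for event in SAMPLE_EVENTS:
        audit(event)
```

Vendor, product, and serial values are reported by the device itself, so this check complements the purchase and inspection step in the tips rather than replacing it.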
Endpoint security, data protection, and endpoint detection and response – these are just a few of the different solution approaches that can help companies make their systems resistant to infection. What they all have in common is the fact that efficient solutions are based on the automated detection and combating of malware. In this case, there is no need for IT staff to manually intervene. When selecting the right software, IT decision-makers should pay attention to the following features:
- Device control using whitelists
- Interface control
- Data monitoring
- BadUSB protection
- Data loss protection
- Data encryption
- Post-infection protection