Removable media and why you should not use it
Removable media are designed to provide storage spaces for computers. They offer storage spaces for data files and programs that can run off the removable media. Though helpful, removable media can easily be attacked by viruses and malware and be transferred between devices, posing a significant cyber risk to both individuals and organisation data.
Running programs on removable media can sometimes be a problem, especially in most cases where some operating systems have autorun capabilities for removable media. This means that the removable media can be created so that you can run specific programs when inserted into a computer that is autorun enabled.
In some cases, autorun can be helpful. For example, if you automatically run programs from the installation CD. This can be abused by cybercriminals who specialise in putting malicious programs that are set to run automatically on removable media sent to their targets.
Cyber threat of removable media
Removable media can be attacked in different ways, from delivering malware, stealing data and physically destroying the computer they are inserted into.
The most common way of distributing malware is through the use of weaponised removable media. It can be distributed anywhere as long as it is inserted into a computer. This weaponised removable media can either use autorun to carry out its malicious functionalities or trick the target into running it using an exciting filename. Malware distribution through removable media is hazardous. It sneaks the malware past the security solution deployed at the organisational network perimeter.
A malicious removable media can run programs by using autorun functionalities or by trying to trick the user into running them. We can conclude that malicious removable media can be a helpful tool for an attacker because as soon as the removable media is inserted into the user’s machine, the malicious programs on the removable media will open up an outbound network connection to a computer which an attackers control. This is capable of bypassing an organisational firewall because most firewalls by default allow all outbound traffic. An attacker has full command line access to compromise the machine and infect the corporate network.
Removable media is also a helpful tool for attackers who wish to perform credential thief. An attacker can install a keylogger on a removable media inserted into a computer or look for a way to entice the user to plug it in. As soon as it is inserted, the removable media can monitor the information entered into the computer. Whether or not the attacker has physical access to the work station, the stolen data can be stored on the removable media for later retrieval or sent out over the internet.
A malicious removable media can also be an effective tool for stealing data from an organisation because it can be an effective keylogger, removable media can run programs on it, and it has built-in storage containing sensitive information that can be used to steal valuable data from any device.
Removable media can be used for data exfiltration because they can bypass an entire network. Since most organisations depend heavily on network-level cyber solutions, an attack can be carried out efficiently and is hard to detect.
Protection against removable media cyber risk
The use of infected removable media can be an effective tool for attackers to carry out cybercrimes. It can, however, be dealt with in different ways. Read on as I show you various protections against removable media cyber risk.
Awareness training, especially for employees, is one of the most effective methods to protect an organisation from cyber threats. An organisation should educate their employees about cyber risk through removable media. Educate your employees that plugging untrusted devices into your computer can dramatically increase the threat posed on the enterprise. Suppose untrusted removable media must be used in an organisation; there must be a way of testing if the removable media contain malicious functionalities before being allowed to be plugged in such as sandboxing, this is using a separate computer (not connected to the network) to analyse the contents of the media prior to use on the network.
Autorun on all computers must be disabled.
Every organisation must disable autorun on removable media in their computers. This is because its functionalities are more of a liability than an asset. It makes your computer easy for attackers to weaponise removable media.
The use of removable media must be discouraged.
The best and the easiest way to protect your information from cyber risk is to discourage or avoid removable media, especially in an organisation. If you can do this, it will be challenging for attackers to invade your network. For organisations, you can implement this policy in different ways. You can set up a policy stating that the use of removable media on corporate computers is not allowed. Alternatively, you can configure your computer not to run removable media. If you cannot implement the two options above, you can block or remove your computer USB or disk drive ports.
Deal with the risk of removable media
Removable media is a handy tool that has different legitimate uses. Because of its functionalities, it is highly preferred. Despite its helpful functionalities, it also poses a significant cyber threat because it can be weaponised to carry out attacks. Because of this, an organisation should always look for ways to prevent its potential risk, and the method of addressing this potential risk should not be taken for granted. It should be a component of any organisational cybersecurity strategy. When this is put in place the cyber risk through removable media should be avoided.
From the light of the above, we can see why we must not use removable media. It poses a threat to data. It gives attackers easy access to our information that can cause massive damage to both individuals and organisations. Removable media is a NO if we must fight cybercrimes to stay safe with our information intact.
UK Cyber Security Ltd is here to help
If you would like to know more, do get in touch as we are happy to answer any questions.
Looking to improve your cybersecurity but not sure where to start? Begin by getting certified in Cyber Essentials, the UK government’s scheme that covers all the technical controls that will provide the protection that you need to help guard against criminal attacks. Or just get in touch by clicking contact us.