Close desktop login portal

Client Login

Select one of the portals below and login with your credentials

Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Richey May Advisory

Richey May Advisory provides the full spectrum of transformative solutions for your business. From Technology and Risk Management to Specialty Audit Services and more, Richey May Advisory has the solutions you need to find and focus on your competitive advantage.

Learn More

Contact Us

Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Question or comments?  Click here to fill out our inquiry form.

Mobile menu toggle
Back to menuBack to menu
Richey May Headquarters
9780 S Meridian Blvd., Suite 500
Englewood, CO 80112
Directions
303-721-6232

Employment Documents

Testing4321

Technology

Physical Security Still Matters: Watch Out for Rogue USB Devices

Articles by: Richey May, Mar 15, 2018

Evolving tactics used by cybercriminals, often highlighted in the news related to large-scale attacks, bring attention to the importance of protecting the companies we work for and ourselves personally. But over time, we tend to forget about other, more low-tech, attacks that are still quite impactful. Physical security, including the use of USB storage devices, has been a security topic for the better part of a decade. Recommendations around blocking USB devices, not only for compliance, but also to limit the loss of sensitive data, are now considered industry best practice. However, many organizations still remain vulnerable due to the lack of established policies and procedures around the use of USB devices. Researchers from Ben-Gurion University in Israel recently released a report of 29 different attack methods via USB that attackers could use to compromise a user’s computer. The researchers categorize these attacks into four unique categories depending on how the attack is executed. Once executed, the attacker is able to gain control of the victim’s computer, utilizing the system to execute malicious attacks or steal sensitive information.

REPROGRAMMABLE MICROCONTROLLER USB ATTACKS

The first category, reprogrammable microcontroller USB attacks, involves the use of a small programmable chip that is able to “mimic” a normal USB device, but that is programmed to directly interact with the computer just as if the attacker were sitting at the keyboard and monitor. This type of controller attack has been around since 2010 and is designed to execute malicious keystrokes in order to install malicious software that aids in the theft of passwords or other sensitive information.

REPROGRAMMED USB PERIPHERALS

Similarly, the second category focuses on reprogrammed USB peripherals that have had their internal software, also known as firmware, changed to include malicious instructions that the host computer then executes. This type of attack can result in the loss of data or the covert use of web cameras to capture video without the user even knowing. For example, Siemens, the global electronic controls company, found malware posing as legitimate software updates for control systems that ended up infecting the programmable logic controls of industrial systems.

SOFTWARE ON THE USB DEVICE

While reprogramming USB devices is technically complicated, the third category utilizes software on the USB device that simply executes to conduct the malicious activity. Considered the world’s first digital weapon, Stuxnet, released in 2014, utilized software installed on a USB storage device to execute a computer worm that targeted SCADA systems. Stuxnet made a name for itself due to the substantial damage it did to Iran’s nuclear program. In another example, in 2017, IBM had to publicly announce that a number of USB flash drives had been shipped with Trojan malware that impacted Storwize storage systems.

ELECTRICAL ATTACK

The last category of attacks is quite simple, and is called an electrical attack. The idea behind this attack is to cause irreparable harm to a computer system by triggering an electrical surge.

HOW TO PROTECT YOUR DATA

The good news in all of this is that there are a number of simple rules that can help reduce your attack surface and protect your company’s sensitive data and technology investments. Generally speaking, in order to protect your organization, standard policies should be in place that disable USB storage devices, and all endpoint devices should be patched and have good anti-malware software installed. Additionally, employees should be trained to not inherently trust all technology devices. If they don’t know for sure that a USB device is clean, they shouldn’t plug it in. This includes not only USB tokens found in parking lots, but also extends to public charging stations that can be commonly utilized to charge smartphones. Employees should be instructed to always use their own chargers, use their own USB devices, and to distrust public Wi-Fi networks. These simple steps can help reduce the impact of rogue USB devices if they are introduced into your company’s environment. For any questions regarding the information contained in this article, or about the cybersecurity services that Richey May provides, please contact JT Gaietto, Executive Director, Cybersecurity Services.