Analecta Cyber Company Blog: Restricting Removable Devices on Network Machines Part 1: User Education

2018-07-24


Connecting USB thumb drives and other removable devices to company-maintained computers poses a significant risk to your organization’s network. Even allowing employees to plug peripherals into the USB port for charging personal devices may infect their machine and compromise the entire network. This week we turn our focus to the impact user training has on unauthorized USB use in the office.

Who’s doing the dirty work? 


Hackers love to use USB devices and micro PCs that look like USB devices as an initial attack vector. They compromise the device, and your employees are the unwilling participants who deliver the malware straight to the network. That’s why it has become critical not to let business devices and personal devices commingle. What was once an easy way to take office files home for the evening, or to bring personal music into the workplace from a home computer, has time and time again spread malware from less protected devices to a business network. In most of these cases, the user may not even know they are enabling the attack.

Are USB-based attacks still a threat?


We don’t think about USB-based attacks as frequently as we did 5 years ago, but information security professionals report that their organizations are still experiencing social engineering attacks caused by USB devices. In 2018, malware researchers outlined nearly 30 different USB-based attacks that are wreaking havoc in today’s business, private and government sectors.

Worse yet, curiosity gets in the way of due diligence. “What’s on that thumb drive? Well, plug it in, let’s find out.” It has become increasingly easy to spread malware, whether unintentionally or maliciously. In a 2016 university study, nearly half of 300 unattended USB sticks placed across campus had files accessed, the first one within minutes of the device being planted.

Studies have shown that compromises are not restricted to businesses. A favorite target of higher-end hackers is critical infrastructure organizations like energy plants and oil refinery networks. In these organizations, the operational technology (OT) and industrial control systems (ICS) do not have an external internet connection on their automated networks. Yet the OT/ICS infrastructure continues to be exposed to conventional, mass malware and ransomware attacks. In a 2018 survey of 320 international companies from the manufacturing and industrial production, energy, mining, transport and logistics sectors, over 27% attributed networking breaches to the errors and actions of their employees.

Steering clear of non-company issued peripherals and media


Employees are predisposed to accept a free USB or other techno-savvy devices, regardless of the source. Remind employees that even when traveling, non-authorized USB and other removable media should not be connected to work laptops. Conventions, trade shows and other special events are a perfect place to pick up thumb drives or other USB-powered freebies like pen-lights, mini-clocks or mini-cameras that may have been compromised during manufacturing.

Did North Korea give out malware-infected USB-powered fans?!


At the 2018 U.S./North Korea Summit in Singapore, a USB-powered personal fan was included in welcome bags assembled for visiting reporters. A tidal wave on social media ensued as cyber security pros warned journalists of the potential dangers of malware-laden USB devices and recommended not attaching the device to their laptops. Needless to say, it was not a refreshing experience.

Hackers play the curiosity card by leaving thumb drives like these in company parking lots to lure potential victims. Bogus files labeled “Employee Raises” will begin to transfer malware, spyware or ransomware once opened.

I was only using the USB port as a charger...


Employees plugging mobile devices into their work computers to charge them may seem harmless, but it can lead to issues for both parties. From the company’s system security standpoint, there is now a device connected to the network that has an unmonitored alternate path to the internet. Additionally, without safeguards in place, the mobile device can introduce malware to the system network. From an employee standpoint, when network technicians trace the source of the intrusion back to the employee’s mobile device, the employee may be responsible for any damages even if it was unintentional.

Never too late to learn 


When you educate your employees on the risks of removable media, you not only deter an unsuspecting user from doing something damaging, but you also empower them to watch out for suspicious behaviors in others. Educating employees on the risks posed by removable media is helpful, but the temptation to charge a phone for just a few minutes or see what’s on the “2019 Pay Raises” thumb drive will beat education every time. Any visitor in your workspace could have malicious intent and plug in a malware-infected thumb drive. If your systems are configured to restrict removable devices, you will be less likely to have a major issue on your hands.

To be continued 


A company can only go so far with policies and mandatory employee training on the restricted use of removable devices and, more importantly, the threats that these devices pose. In Part 2 of our series on Restricting Removable Devices, we discuss administratively disabling removable media ports through the operating system as well as physically altering the connection to better protect your network from “removable device”-based cyber attacks.

Analecta is guiding small and medium-sized businesses


Analecta can help guide you through the nuances of how to implement a more secure network posture to mitigate the threat removable media can pose to your organization. Additionally, we can provide a comprehensive look at all security practices within your organization and around high-risk assets. Our assessment identifies the most important next steps in your firm’s cyber security program to maximize protection. Email us at info@analecta-llc.com or visit our website.
