The New Threat from an Old Friend

By Nicole Pauls, director of security product management, SolarWinds

When it comes to security, IT pros can’t control everything. Not all threats can be mitigated by following the simple best practices of keeping security software up-to-date and regularly patching vulnerable applications. In addition, not all potentially risky features can simply be turned off, even if IT pros would like to.

USB ports are a prime example. In fact, according to recent research from SR Labs, hackers can now turn USB devices—the seemingly friendly thumb drives, keyboards, mice and other devices that plug into the USB ports of computers—into malicious tools.

This is done by loading nasty firmware onto the tiny, low-cost computer chips that control the functions of USB devices, which typically have no built-in shield of protection against tampering. Known as BadUSB, the malware has the ability to cause USB devices to take on covert functions, like spying on communications, and to destroy valuable data once connected to a computer.

In business environments, where USB devices are often passed around like business cards and the flu, IT pros need to be proactive about protecting their infrastructure from this new threat. Even if it isn’t widespread today, abuse of USB devices has been around for a long time and it’s important to take the opportunity to revisit policies and controls. Here are some key considerations:

– Proactively monitor networks. Given the stealth nature of the USB device-related threats, such as BadUSB, it’s critical to effectively monitor servers, networks, applications and endpoints for suspicious activity, even if you can’t monitor USB activity specifically. This is a good example of how traditional security software will never be able to stop every single threat. So, having a solid monitoring strategy that includes additional technologies, such as security information and event management (SIEM) software, to help detect unusual trends and prevent attacks can go a long way.

– Track USB activity on a case-by-case basis. There are also a number of tools available on the market, to help track USB activity on a per-user and/or per-device basis and block any suspicious activity. It should start by figuring out where the gray areas are, and then whitelist/blacklist activity as needed.

– Leverage antivirus and threat management software. Though antivirus and other anti-malware software alone can’t detect the malicious firmware on USB devices, they’re still reliable tools for detecting when a potential breach has occurred on your network, especially if it’s not possible to monitor endpoint traffic directly.

– Educate end users. Educating end users on the threats involved with using USBs is a critical component in reducing a business’ risk. By limiting USB device usage whenever possible and creating USB device policies for internal use, IT pros can significantly reduce the impact of potential USB-borne security threats.

In conclusion, we tend to depend solely on anti-malware and other traditional security software to mitigate security threats. However, with many threats, including critically-flawed USB devices, additional precautions need to be put in place to prevent serious damage.

All this underscores a larger message: There’s always going to be some percentage of known good and known bad, but it’s the ever-expanding gray area where we need to devote more attention. Admittedly, mitigating threats in this gray area is sometimes at odds with business. However, with the proper tools to automate, monitor and manage the entire infrastructure, it is possible to reconcile these and implement an effective security strategy that accounts for such threats.