The Hidden Dangers of USB Sticks
USB sticks or flash drives have become ubiquitous. Like the floppy disks of yesteryear, the USB stick holds a dear place in our hearts as a tangible device to store our digital goods. From work projects to school compilations, your favorite song to the last copy of that family photo of you in the ugly sweater with grandma, we keep everything on USB, and most of us don’t think twice about it. Well did you know that USB sticks, like your IRL hands, can pick up passengers that were not intended?
The Unwanted Passenger
Malware or Malicious software is the infectious germ of the internet. Its only purpose is to infect as many endpoint devices as possible. Hackers make malware for two main reasons: to gather data for money and to disrupt use for love of sheer chaos. They use USB sticks as the Typhoid Mary of this story.
How USBs Become Infected
A USB can be infected with malware from being plugged into an infected endpoint, or it can be intentionally infected by a hacker and placed in a common area with the hopes someone will pick up and use it. Malware on an infected endpoint is like the flu virus in a human host; it is searching for any way to infect a new healthy host, and the USB makes the malware portable, ala a cough for the flu virus. Essentially malware is always coded by the hacker to infect any USB device that is used by an infected endpoint. Like biological warfare, that is the point: infect and spread until the end goal is reached. Don’t believe me when I say hackers will intentionally infect a USB and leave laying around? Think again! Humans are naturally curious beings and like cats it can come back and get us. According to the study Users Really Do Plug in USB Drives, of 297 USB drives dropped on a large University Campus’ with non-malicious malware, 135 (45%) of the USB drives were opened. Of the 297 that were dropped 290 (98%) were picked up. And the first USB drive connected within 6 minutes.
How the Infection Spreads
Think of USB drives like unsterilized needles. Once an infected USB is inserted into an endpoint the malware is ready to release. Sometimes you need to open a file for the infection to spread, sometimes you don’t. It is that simple.
How You Can Stop the Infection
The best way to stop the infection is to think of it as an actual infection. It can be prevented if you follow the same advice parents have been giving their kids for decades.
First, do not use USB drives if you do not know where they came from. Just like the advice do not put stuff in your mouth if you don’t know where it came from. Never just pick up a random USB off the street or in the coffee house. Think dirty needle! Also never put a trusted USB stick in an endpoint you do not know or trust.
Second, keep your endpoint healthy with a strong immune system. Good anti-virus is like keeping your immunizations up-to-date. You are picky with which doctor you pick, shouldn’t you be picky about your anti-virus? Make sure the anti-virus you choose scans USB drives before they are opened and warns you if they are infected. Your anti-virus should also scan program updates, internet downloads and websites before they are used. If it doesn’t do this, it is not worth your time. Protect your endpoint like it is a living part of your home or office. The second part of a healthy immune system is getting enough rest and eating right. Well your endpoint has similar needs, you need to restart your endpoint regularly so it can clear its brain, and you need to run the system updates regularly like you are feeding your device. A well maintained device is happy just like a healthy body.
We at K2 Tech are not telling you to never use a USB stick, just like the CDC isn’t trying to make us all germaphobes like Howard Hughes. We are just trying to make you look at the risks a USB might pose and ask that you take precautions to protect your home or business. Just like you ask your kids to wash their hands before they eat.
In honor of the holiday season the K2 Tech family would like to give a gift to you and your family. The gift of free anti-virus for your home. The Sophos Home is the same quality protection we offer our business clients without the hassle of needing to understand IT. And it is FREE. https://www.sophos.com/lp/sophos-home.aspx Works on both Mac’s and PC so you have no excuse. Go forth into 2017 and know your digital goods are safe and free from infection!