Tag Archives: BadUSB

Webinar Review: How to Stop Malware and Advanced Persistent Threats

25 October 2014

Last Thursday evening I attended the SC Magazine eSymposium: Advanced persistent threats. You have to register with SC Magazine to get access to the sessions. Please always use a strong password.

Among the many informative sessions offered, ‘How to Stop Malware and Advanced Persistent Threats’, sponsored by AccelOps, was particularly interesting to me. In this 30-minute session Benjamin Powell, Director of Product Marketing at AccelOps, showed how malware, in this case a Remote Administration Tool (RAT), is constructed and how it works.

It is really frightening to see what an attacker can do once he has hijacked your computer!

On two slides Benjamin Powell talked about how to protect your organization against APT.

How to Stop Malware and Advanced Persistent Threats I

How to Stop Malware and Advanced Persistent Threats II

I recommend generalizing the advice about USB drives to ‘Don’t trust USB devices and the files they contain’ because USB devices are in general dangerous. Remember the discussion about BadUSB in the summer.

I am often asked ‘What should I do with this USB stick full of documents I got from the organiser of an event?’ My standard answer is ‘Never use it! Shred it!’

If you can’t avoid using USB devices for data exchange, securely erase all data on the device before copying your data. Format the device and run cipher /w on the volume from a command prompt. Cipher /w (w for wipe) overwrites each block on the device in 3 passes with zeros, ones and random numbers. This makes it very unlikely that an attacker could re-create deleted files.
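The format-and-wipe step above as a PowerShell script, added here as an example and not part of the original post. The drive-letter parameter, the removable-media check, the typed confirmation and the NTFS choice are assumptions of this example.

```powershell
# Added example: wipe a USB volume before reuse. Run from an elevated PowerShell.
# Usage (hypothetical file name): .\Wipe-UsbVolume.ps1 -DriveLetter E
# Note: this erases stored data only. It does not touch the stick's controller
# firmware, which is what the BadUSB research is about.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z]$')]
    [string]$DriveLetter
)

$ErrorActionPreference = 'Stop'
$root = "${DriveLetter}:"

# Never operate on the Windows system drive.
if ($root -eq $env:SystemDrive) {
    throw "Refusing to wipe the system drive $root"
}

# Only accept removable media, so a mistyped letter cannot hit a fixed disk.
$vol = Get-Volume -DriveLetter $DriveLetter
if ($vol.DriveType -ne 'Removable') {
    throw "Drive $root is '$($vol.DriveType)', not Removable. Aborting."
}

# Show what is about to be destroyed and require an explicit confirmation.
$sizeGB = [math]::Round($vol.Size / 1GB, 1)
Write-Host "Target: $root  label='$($vol.FileSystemLabel)'  size=$sizeGB GB"
$answer = Read-Host 'Type WIPE to format and overwrite this volume'
if ($answer -cne 'WIPE') {
    throw 'Cancelled by user.'
}

# Step 1: format. A quick format only rewrites file system metadata; the old
# file contents remain in what is now free space.
# NTFS is an assumption of this example; reformat afterwards if you need another file system.
Format-Volume -DriveLetter $DriveLetter -FileSystem NTFS `
    -NewFileSystemLabel 'WIPED' -Confirm:$false | Out-Null

# Step 2: cipher /w overwrites the volume's unallocated space in three passes
# (0x00, 0xFF, random data). Directly after a format that is almost the whole volume.
& cipher.exe "/w:$root\"
if ($LASTEXITCODE -ne 0) {
    throw "cipher.exe exited with code $LASTEXITCODE"
}

Write-Host "Finished wiping $root"
```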

On Friday I got an invitation to the InformationWeek webinar ‘3 New Tactics To Protect Data On The Move’. First 40 registrants get an 8 GB Dual Purpose USB! It’s hard to believe …

Shred it!

BadUSB – Don’t fall into a doomsday mood!

2 August 2014

When Karsten Nohl published his research on 21 July 2014, BadUSB spread throughout the media within hours. One had the feeling that the end of the world was at the door. Millions of potentially compromised USB sticks could take over control of all other USB devices.

But the worst is yet to come: We are utterly powerless! Antivirus products of whatever vendor could not block this kind of attack. As if we did not know that antivirus products are of limited value today.

My first reaction was: Keep cool! It’s just a proof of concept. It’s not in the wild! And the best is: It’s a very complex task, and therefore not lucrative for normal attackers.

Vulnerabilities in the handling of USB devices are not new. A search in the U.S. National Vulnerability Database (NVD) shows 4 high severity flaws in the past 18 months. Moreover, it is well-known that viruses are very often spread through USB devices. We all know the risk!

And even the vulnerabilities in onboard controllers are not new. Mathieu Stephan reports in his post ‘Hacking SD Card & Flash Memory Controllers’ from 29 December 2013 that the firmware of SD cards was compromised. Take a look at the video in his post.

Marshall Honorof’s post ‘Don’t Panic Over the Latest USB Flaw’ from 1 August 2014 saved my day.

At the end of his post Marshall sums it up: ‘Make no mistake: BadUSB is a fantastic proof-of-concept, and lays bare some serious problems with USB stick security. But, like anything else in the world of computing, you can avoid trouble using a little common sense.’

To be honest, I expect a technical solution to the BadUSB trouble within the next month. Otherwise the USB stick market will collapse.

But in the meantime: Don’t Panic!