Tag Archives: USB devices

Webinar Review: How to Stop Malware and Advanced Persistent Threats

25 October 2014

Last Thursday evening I attended the SC Magazine eSymposium: Advanced persistent threats. You have to register with SC Magazine to get access to the sessions. Please always use a strong password.

Among the many informative sessions offered, ‘How to Stop Malware and Advanced Persistent Threats’, sponsored by AccelOps, was particularly interesting to me. In this 30-minute session Benjamin Powell, Director of Product Marketing at AccelOps, showed how malware, in this case a Remote Administration Tool (RAT), is constructed and how it works.

It is really frightening to see what an attacker can do once he has hijacked your computer!

On two slides Benjamin Powell talked about how to protect your organization against APT.

How to Stop Malware and Advanced Persistent Threats I

How to Stop Malware and Advanced Persistent Threats II

I recommend generalizing the advice about USB drives to ‘Don’t trust USB devices and the files they contain’, because USB devices are in general dangerous. Remember the discussion about BadUSB in the summer.

I am often asked ‘What should I do with this USB stick full of documents I got from the organiser of an event?’ My standard answer is ‘Never use it! Shred it!’

If you can’t avoid using USB devices for data exchange, securely erase all data on the device before copying your data onto it. Format the device and run cipher /w on the volume from a command prompt. Cipher /w (w for wipe) overwrites each block on the device in 3 passes with zeros, ones and random numbers. This makes it very unlikely that an attacker could re-create deleted files.
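The format-then-wipe procedure above as a guarded PowerShell script. This is an added example, not part of the original post. The parameter name `$DriveLetter`, the exFAT file system and the label `CLEAN` are assumptions. cipher /w overwrites only the unallocated space of a volume, which is why the format step comes first, and the script refuses to run against anything that is not reported as removable media.

```powershell
# Added example: guarded wipe of a removable volume before reuse.
# $DriveLetter is an assumption; pass the letter of the USB stick, e.g. -DriveLetter E
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z]$')]
    [string]$DriveLetter
)

$ErrorActionPreference = 'Stop'
$vol = Get-Volume -DriveLetter $DriveLetter

# Refuse anything that is not removable media, and never touch the system drive.
if ($vol.DriveType -ne 'Removable') {
    throw "Drive ${DriveLetter}: is '$($vol.DriveType)', not removable. Aborting."
}
if ("${DriveLetter}:" -ieq $env:SystemDrive) {
    throw "Drive ${DriveLetter}: is the system drive. Aborting."
}

# Show what is about to be destroyed and require an explicit confirmation.
Write-Host ("About to erase {0}: label '{1}', size {2:N1} GB" -f `
    $DriveLetter, $vol.FileSystemLabel, ($vol.Size / 1GB))
if ((Read-Host 'Type ERASE to continue') -cne 'ERASE') {
    throw 'Cancelled by user.'
}

# Step 1: quick format, so that the whole volume becomes free space.
Format-Volume -DriveLetter $DriveLetter -FileSystem exFAT `
    -NewFileSystemLabel 'CLEAN' -Force | Out-Null

# Step 2: cipher /w overwrites the free space in three passes
# (zeros, ones, random numbers).
& cipher.exe "/w:${DriveLetter}:\"
if ($LASTEXITCODE -ne 0) {
    throw "cipher /w failed with exit code $LASTEXITCODE"
}

Write-Host "Drive ${DriveLetter}: formatted and free space overwritten."
```

Run it from an elevated PowerShell prompt. On flash media the controller's wear levelling can leave remapped blocks outside the reach of any overwrite, so for sticks of unknown origin the ‘Shred it!’ advice still applies.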

On Friday I got an invitation to the InformationWeek webinar ‘3 New Tactics To Protect Data On The Move’. First 40 registrants get an 8 GB Dual Purpose USB! It’s hard to believe …

Shred it!

The Minimalist Approach to IT Security

18 August 2014

When it comes to USB device security everyone starts talking about tools immediately. A tool for locking or disabling the USB devices, a tool for encryption of devices, etc. Small and smart tools, integrated in a smart big management solution to simplify end point administration. And each tool installs at least one agent on the end point which ensures that the latest policy changes are downloaded in due time.

Today, tools are necessary for efficient administration of the complex IT systems we run to support businesses in executing their strategies. Unfortunately, every smart tool adds complexity to these IT systems.

In addition, with every new tool the attack surface of our complex IT systems increases dramatically. Why?

  • Tools are not error free. Every tool comes with some unknown vulnerabilities that could be used by attackers to get unauthorized access to our systems.
  • Tools, in particular the agents, are communicating with lots of other tools. In this highly connected tools universe it is very likely that new vulnerabilities are created from a combination of vulnerabilities of each tool.

This holds for every IT task we support by tools, and in particular for the security related tasks.

Therefore I am in favour of the minimalist approach:

(1) Use as few tools as possible

(2) Check first whether the problem can be solved by existing means

For USB devices: try to use a group policy and awareness training before implementing a new tool.

Simplify your Life!

BadUSB – Don’t fall into a doomsday mood!

2 August 2014

When Karsten Nohl published his research on 21 July 2014, BadUSB spread throughout the media within hours. One had the feeling that the end of the world was at the door. Millions of potentially compromised USB sticks could take over control of all other USB devices.

But the worst is yet to come: We are utterly powerless! Antivirus products of whatever vendor could not block this kind of attack. As if we did not know that antivirus products are of limited value today.

My first reaction was: Keep cool! It’s just a proof of concept. It’s not in the wild! And the best is: It’s a very complex task, and therefore not lucrative for normal attackers.

Vulnerabilities in the handling of USB devices are not new. A search in the U.S. National Vulnerability Database (NVD) shows 4 high severity flaws in the past 18 months. Moreover, it is well-known that viruses are very often spread through USB devices. We all know the risk!

And even the vulnerabilities in onboard controllers are not new. Mathieu Stephan reports in his post ‘Hacking SD Card & Flash Memory Controllers’ from 29 December 2013 that the firmware of SD cards was compromised. Take a look at the video in his post.

Marshall Honorof’s post ‘Don’t Panic Over the Latest USB Flaw’ from 1 August 2014 saved my day.

At the end of his post Marshall sums it up: ‘Make no mistake: BadUSB is a fantastic proof-of-concept, and lays bare some serious problems with USB stick security. But, like anything else in the world of computing, you can avoid trouble using a little common sense.’

To be honest, I expect a technical solution to the BadUSB trouble within the next month. Otherwise the USB stick market will collapse.

But in the meantime: Don’t Panic!