14 DAY TRIAL // Cybercriminals don’t always manage to breach company networks by using the classic hacking methods, but that doesn’t mean they’re ready to give up on their plans to steal sensitive corporate information. In some cases they turn to more physical methods to plant their pieces of malware.
Elsevier reports that a Dutch organization from the chemical industry has been targeted with an uncommon method. The attackers planted spyware-infected USB sticks in the firm’s parking lot, hoping that curious employees would pick them up and insert them into their work computers without giving it much thought.
However, as it turns out, the malicious plan has failed. The employee who found one of the removable media storage units took it to the company’s IT department where it was immediately identified as containing spyware.
While this particular attempt has been catalogued as being “clumsy,” the situation demonstrates that cybercriminals will sometime resort to unconventional ways to complete their tasks.
Furthermore, according to Sophos experts, this method “works just fine” in case the staffer who stumbles upon the storage unit is not as security conscious as the Dutch firm’s employee.
Stuxnet is a perfect example of a malicious element that uses USB sticks for corporate espionage, but it’s clearly not the only one.
ICS-CERT revealed in its May 2012 report that rogue removable media drives are becoming a real threat, especially for organizations that house critical control systems.
Experts advise companies to raise awareness among their employees regarding the use of such devices since they can be just as dangerous as an email attachment that hides a Trojan.
Staffers must never mix personal devices with ones utilized for work. They must also ensure that all the accepted units are properly marked. Finally, when possible, the auto-run feature should be disabled on computers to block viruses that rely on this function.