
USB Memory Card Malware Threat

A new, reportedly particularly advanced piece of USB-borne malware called "USB Thief" (Google Search) is being discussed by many in the technology press.

If you allow users (including system admins) to use USB storage devices on air-gapped systems, then this threat is a potential attack vector that a persistent attacker could deploy against your organization.

Basically, an infected USB device could be inserted into an air-gapped computer, where it could collect a considerable amount of "protected data" and then exfiltrate that "protected data" back to the infected USB device. Once the device is removed, there is reportedly no trace of the malware on the compromised system and no record of the data collected.

The best defense would be not to allow USB storage media on air-gapped systems. Otherwise, restricting data migration from the air-gapped network (i.e. the high-side) to the internet network (i.e. the low-side) would be another defensive measure. Good physical security would also limit the effectiveness of this threat vector.
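One way to audit the "no USB storage media" control on a host, as an added example that is not from the original post. It assumes a Linux system, the standard `/etc/modprobe.d` and `/proc/modules` locations, and hypothetical function names; the sample configuration strings are constructed.

```python
import glob

MODULE = "usb_storage"  # modprobe treats '-' and '_' in module names alike
NO_OP = {"/bin/false", "/bin/true", "/usr/bin/false", "/usr/bin/true"}

# Constructed samples: a blacklist line alone, then a hardened pair.
SAMPLE_WEAK = "blacklist usb-storage\n"
SAMPLE_HARD = "blacklist usb-storage\ninstall usb-storage /bin/false\n"

def usb_storage_policy(conf_text):
    """Classify modprobe.d text: 'blocked', 'blacklist-only' or 'allowed'."""
    blacklisted = install_blocked = False
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) < 2 or parts[1].replace("-", "_") != MODULE:
            continue
        if parts[0] == "blacklist":
            # Only stops alias-based autoloading; an explicit
            # "modprobe usb-storage" still loads the driver.
            blacklisted = True
        elif parts[0] == "install" and len(parts) >= 3 and parts[2] in NO_OP:
            # modprobe runs this command instead of inserting the module.
            install_blocked = True
    if install_blocked:
        return "blocked"
    return "blacklist-only" if blacklisted else "allowed"

def module_loaded(proc_modules_text):
    """True if the driver is listed in /proc/modules-style text."""
    return any(line.split()[0] == MODULE
               for line in proc_modules_text.splitlines() if line.strip())

if __name__ == "__main__":
    print("sample weak:", usb_storage_policy(SAMPLE_WEAK))
    print("sample hard:", usb_storage_policy(SAMPLE_HARD))
    conf = ""
    for path in sorted(glob.glob("/etc/modprobe.d/*.conf")):
        with open(path, errors="replace") as fh:
            conf += fh.read() + "\n"
    try:
        with open("/proc/modules") as fh:
            loaded = module_loaded(fh.read())
    except OSError:
        loaded = False
    print("host modprobe policy:", usb_storage_policy(conf))
    print("usb_storage currently loaded:", loaded)
```

An `install` override only governs `modprobe`; it has no effect if the storage driver is built into the kernel rather than shipped as a module.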

Some links with more coverage (some of it F.U.D.): techtimes.com, sci24h.com, arstechnica.com, pcworld.com, thestack.com, securitybrief.co.nz, slashdot.org, idgconnect.com, and itsecuritynews.info

 

 

Comments


Actually, I also have same experience to download USB storage media which damaged my USB memory-card. But this article has great tips to avoid such viruses.
