Recently multiple news outlets have had articles with stories about organisations that have been targeted to receive USB memory sticks or other mobile media. According to these articles, these USB devices have been prepared with malicious content to infect the users computer with ransomware. The malicious USB sticks contain several attack components. One is the manipulated hardware that perform the so called “BadUSB” attack, in which a USB storage device simultaniously also acts as an input device emulating a keyboard and sending commands to the computer to manipulate it. Another is files containing multiple strain of ransomware as well as attack tools. The many articles quotes warnings and advisories from both law enforcement and CERT organisations as sources.
Many of the articles contain recommendations similar to the example below: “These recommendations include a call on individuals and organisations not to insert USB drives from unknown sources, even if they’re addressed to you or your organization. In addition, if the USB drive comes from a company or a person one is not familiar with and trusts, it is recommended that one contacts the source to confirm they actually sent the USB drive.”
Some people and some organisations can adhere to this recommendation. For others it is not as easy. It is often hard for some organisation to not accept USB devices or mobile media (e.g. SD-cards) from third parties. We can give some real-world examples of organisation where handling unknown media sources is happening all the timee. Media outlets needs to get information from anonymous sources. Government agencies that needs to accept input, in analog or digital form, the general public. Muncipality services need to exchange information with its citizen. Also, most big organisations have groups of people (lawyers, communications staff, IT staff, etc) that exchange information with 3rd parties where you have not been able to establish a long relation or trust at the point when some media device is getting used to transfer power points, PDF’s, updated software or other files. These are all examples of situation where there are organisations that need some other way to protect itself against malicious devices and infected files on or these devices.
Impex is a solution that would be very helpful in situations like this. It is a perfect protection to both check for the presence of infected files, but also to transfer those checked files from the unknown device onto a local, and trusted, device that in a later stage can be transferred to other systems. Impex is also protected against the type of attacks described in the articles, the “BadUSB” attack. The hardening of the Impex station makes it immune against this attack. Impex is perfect when you need to protect against devices received from the general public, from 3rd parties.
Contact us at sysctl to get more information on how we can help you protect your organisation against unknown devices or malicous files.
References
Ransomware warning: Cyber criminals are mailing out USB drives that install malware
FIN7 Mails Malicious USB Sticks to Drop Ransomware
Press Statement: New Ransomware Attacking Organisational Networks Discovered