STOP!! – Do you know where that USB stick or memory card came from? Was it delivered in the post? Did you simply find it on the ground and thought “What better way to establish who owns it than to plug it into my computer and see the owner’s details are on it”. Did you know that the biggest cyber-attack in the history of the U.S. military happened in 2008 when a non-U.S. intelligence agency left a USB flash drive in the car park of a U.S. military facility in the Middle East. An employee found the drive and most likely through curiosity or in an effort to establish the owner of the drive, connected it to his laptop. This resulted in the spreading of infection across both classified and unclassified systems and was described as the “Most dangerous attack in U.S. history.
While not the most prevalent in the current wave of cyber-attacks, the possibility of your systems being infected by a USB drive or SD card haven’t gone away. You probably already know that you shouldn’t plug an unknown device into your computer but let’s be honest, human nature takes over. You get curious or just plain nosy. What harm can this little device in your hand do? I’ll have a peek at what’s contained on it. It might be important and I don’t want someone to get into trouble for losing it. Stop, Stop, Stop!! You don’t even have to open the device to infect your computer. Many infected USB deceives will have an auto-run function for the malware contained therein.
A government agency, recently received a large number of USB devices posed to named individuals from different departments. The names and address where allegedly obtained from the agencies website but luckily this agency blocks non authorised USB devices from working on its systems. This potential cyber-attack is currently being investigated with suspected devices being tested in a sandbox environment. Just like a sandbox enjoyed by children the world over, a sandbox environment is an isolated environment that simulates the real environment.
I you receive or find an unknown or unauthorised devise, do not put it into your computer under any circumstances. Hand it over to your IT department or IT service provider for further investigation. While curiosity may have killed the cat, in your case it may kill your computer or your entire network.