Even
something as big as a global meeting of nations could have its share of cyber
mischief, and innocent-looking USB thumb drives and smartphone rechargers could
be the crime tools. Not all malicious threats are clear to notice as DDoS
(distributed denial of service). The G20 Summit was held in St. Petersburg on
September 5-6, 2013 with a group of finance ministers and central bank
governors of 19 countries and the European Union. Specifically, they were
Argentina, Australia, Brazil, Canada, China, France, Germany, India, Indonesia,
Italy, Japan, the Republic of Korea, Mexico, Russia, Saudi Arabia, South
Africa, Turkey, the United Kingdom, the United States of America and the
European Union, represented by the President of the European Council and by
Head of the European Central Bank. Russia took the G20 presidency on December
1, 2012, a first for the country. The major categories of thought and planning
are Business 20, Think 20, Civil 20, Youth 20 and Labor 20.
At
the September 2013 summit, heads of state and their teams were given USB thumb
drives with the ability to copy sensitive data from the laptops that they were
inserted in. Reports also noted that the representatives received smartphone
recharger gifts that could have covertly looked at their emails, SMS and phone
calls. Was anyone purposefully trying to spy on the G20 participants? If so,
who was responsible?
The
"spying" campaign was first noticed by Herman Van Rompuy, the
President of the European Council, noted the Italian newspaper Corriere della
Sera. It covered the story on its front page. Mr. Van Rompuy ordered analysis
of the USB pen drives and other devices by both intelligence experts in
Brussels and Germany's secret service. The Brussels component declared that the
allegations were not true and that there was nothing wrong with the gift
devices.
How
can thumb drives and smartphone chargers be used to hack devices that access
the Internet? In fact, they are responsible for some cyber attacks offline!
Kaspersksy noted in August 2013 that it is "becoming more and more common
for attackers to find new ways to infiltrate your devices, like through your
removable media." Removable media includes readers, writers, and drives.
Every
optical disc (Blue-ray disc, DVD, CD), memory card (CompactFlash card, Secure
Digital card, Memory Stick), floppy disk, zip disk, magnetic tape, disk packs,
VHS tape, USB flash drive (also called ), external hard disk, digital camera,
printer, smart phone and other external or dockable peripheral that are easily
removed or inserted into a system is removable media. They all are capable of
infecting, copying, and spying on the system and network if they have the right
compromising file on them. If they can store media, that media could be a
malicious threat.
Some
best practices to use when using USB thumb drives or other removable media:
1.
Set up automation of scans the second items are plugged into a device.
2.
Regularly update device OS (operating systems). Updates are available for Mac,
Windows, Android, Linux and other operating systems. Set up the updates to
occur automatically or to even do so manually at least once per day.
3.
Know what is behind the Facebook, Twitter or other social network chat, wall,
timeline or private message attachments and links. One good tip is to hold
one's mouse over the link without clicking to see a preview of what is there.
4.
Removable media for personal needs should stay separate from those of crucial
business needs. Music and video files that are downloaded from websites, forums
and file sharing sites should never be mixed with crucial data.
Keep
in mind: even reports on Edward Snowden's 2013 activities show that he used a flash
drive when he downloaded NSA data. The USB stick was also the vehicle of two
other famous cyber compromises, the devastating malware, Stuxnet worm, and the
data exfiltration vector associated with the Flame virus. The removable data
was plugged into a computer, secretly collects data based on certain keywords.
The stolen documents are then hidden in a secret folder on the USB drive until
it connected to any Internet-enabled computer again. Then, the documents
automatically sent to certain IP addresses of the originating perpetrators for
their purposes.
Like
DDoS attacks, compromising removable media are
often a cover for or part of other fraudulent activity such as the stealing of
sensitive documents, extortion, and ransom and not just childish mischief.
Discuss
the sharing of removable media such as USB flash drives with your business
colleagues and partners. Conferences and other events directors and the people
who participate in those events commonly give away USB flash drives of
marketing data like case studies, event presentations, and press releases. They
may also have files that can snoop, download or upload data that can destroy
business. Learn more about malicious threats such as removable device data
breaches and DDoS protection. Make cyber security awareness
and planning a regularly scheduled activity!
Article
Source: http://EzineArticles.com/?expert=Lisa_Alfrejd
Article Source: http://EzineArticles.com/8127106
No comments:
Post a Comment