In the article attached it is clear that hackers are exploiting every possible avenue they can to gain access to your environment and lock you out! This is one of a few articles I’ve read lately about USB memory sticks as a means to get in. And they’re using the good old fashioned snail mail to deliver it!
Other articles as well talk about the USB devices being sent out as freebies to companies as a promo, and by human nature we think ‘oh wow something for nothing, that’s great!’ Well it’s not great, it’s just cost you potentially millions of dollars in a Ransomware attack, let alone the downtime of your business.
I remember back in the day when USB sticks were a great promotional item to give away, or a way to send marketing or sales information to potential clients while at the same time giving them a useful memory stick. Unfortunately it seems those days are gone! We all need to rethink what we allow ourselves and our employees to use on company computers. Imagine if someone brings in a memory stick that they have loaded with pictures or music from home and, unknowingly bring in a virus or worse malware with it??!! They didn’t do it intentionally of course but none the less its now your problem!
A better practice is to ‘just say no’ (to borrow a phrase from long ago), but making it a policy may not be enough. It’s human nature to think that if the port is available I can use it. There are ways to disable the USB ports which is the safest practice, but if this is not a practical solution for your business then using security software to scan these devices is a good step, not the best but better than nothing. Keep in mind most people will plug their cell phone in to their computer to charge it or upload photos or music, this could also result in unwanted malware. We all think it’s harmless, until it’s not.
This article has some great suggestions on how to secure USB ports and their use. And as I always say “it’s better to protect yourself before you get hit, because after they get you it’s too late!”. Do everything you can to protect your most valuable business asset now, not after. Remember employee training is a great part of that protection.
https://threatpost.com/fin7-mailing-malicious-usb-sticks-ransomware/177541/