Is It Really a USB Charging Cable?
James Harper
Cybersecurity Compliance • Speaker • CMMC CCA • CISSP • CCSP • Program Management • Team Builder
What looks like a simple charging cable can actually be an advanced tool with a WiFi access point that can be used to take control of a computer and steal data. And standard intrusion detection tools have limited ability to detect it, if at all.
Imagine that your organization is a target of a sophisticated nation-state or ransomware group. The attacker targets key employees with an email offering a quality smartphone charging cable for a great price. The employee receives the cable and then connects it to their work computer – or a personal computer used to remotely access their company network. These cables can not only record keystrokes to steal passwords, but they can also fool the computer into thinking that they are a keyboard. The attacker can use this capability to run scripts that send personal and company information back to the attacker and install persistent access on the device. The possibilities are only limited by your imagination…
How do we stop this? Well, the first thing is to have policies and procedures, as well as training, to prohibit users from using unknown devices that plug into USB ports. The next thing is to seriously consider disabling USB ports on devices used for critical information. Windows can be configured to allow USB charging while disabling the data transfer capability. This is probably sufficient for compliance with CMMC Practices MP.L2-3.8.2 (Media Access), MP.L2-3.8.7 (Removable Media), and AC.L2-3.1.21 (Portable Storage Use). But a better option is to completely disable USB ports, if feasible.
The bottom line is that USB ports pose a security risk. And the risk is not just limited to viruses and malware that may be present on an unknown USB drive. Know your device. Know where it came from. And know the risks.
It looks like a USB charging cable. And it is. But it’s more than that.
What appears to be a simple charging cable can actually function as an advanced tool with a WiFi or cellular network access point, capable of taking control of a computer and stealing data. Standard intrusion detection tools have limited ability to detect such devices—if they can at all.
Imagine that your organization is a target of a sophisticated nation-state or ransomware group. The attacker targets key employees with an email offering a quality smartphone charging cable for a great price. The employee receives the cable and connects it to their work computer—or a personal computer used to remotely access their company network. These cables can not only record keystrokes to capture passwords but also trick the computer into recognizing them as a keyboard. The attacker can use this capability to run scripts that send personal and company information back to the attacker, stream the contents of the monitor, and install persistent access on the device. The possibilities are limited only by the imagination…
How do we stop this? First, establish policies, procedures, and training that prohibit users from connecting unknown devices to USB ports. The next thing is to seriously consider disabling USB ports on devices used for critical information. Windows can be configured to allow USB charging while disabling the data transfer capability. This is probably sufficient for compliance with CMMC Practices MP.L2-3.8.2 (Media Access), MP.L2-3.8.7 (Removable Media), and AC.L2-3.1.21 (Portable Storage Use). A better option, if feasible, is to disable USB ports altogether.
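One way to check a workstation for the keyboard-emulation behaviour described above, as an added example that is not part of the original article: the script reads a device inventory exported from Windows and lists USB keyboard-class devices that are not on an approved list. The inventory rows, the vendor/product IDs, the approved list and the function name are all constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Constructed sample, in the column layout produced by:
#   Get-PnpDevice -PresentOnly | Select-Object Class,FriendlyName,InstanceId | Export-Csv -NoTypeInformation
SAMPLE_INVENTORY = r'''"Class","FriendlyName","InstanceId"
"Keyboard","Standard PS/2 Keyboard","ACPI\PNP0303\4&1A2B3C4D&0"
"Keyboard","HID Keyboard Device","HID\VID_046D&PID_C31C&MI_00\7&2F3A9B10&0&0000"
"Mouse","HID-compliant mouse","HID\VID_046D&PID_C077\6&11AA22BB&0&0000"
"Keyboard","HID Keyboard Device","HID\VID_1234&PID_ABCD\6&3C4D5E6F&0&0000"
"USB","USB Composite Device","USB\VID_046D&PID_C31C\5&AB12CD34&0&3"
'''

USB_ID = re.compile(r"VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.IGNORECASE)

# Hypothetical allowlist: approved (VID, PID) -> keyboard nodes expected per host.
# Assumes one keyboard-class node per physical keyboard; raise the count for
# models that expose several.
APPROVED_KEYBOARDS = {("046D", "C31C"): 1}

def unexpected_usb_keyboards(inventory_csv, approved=APPROVED_KEYBOARDS):
    """Return (reason, (vid, pid), instance_id) for each USB keyboard-class
    device that is unapproved or exceeds the approved count for its model."""
    seen = Counter()
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["Class"].strip().lower() != "keyboard":
            continue  # only devices Windows has bound as keyboards
        match = USB_ID.search(row["InstanceId"])
        if match is None:
            continue  # built-in or PS/2 keyboard: no USB vendor/product ID
        usb_id = (match.group(1).upper(), match.group(2).upper())
        seen[usb_id] += 1
        if usb_id not in approved:
            findings.append(("unapproved", usb_id, row["InstanceId"]))
        elif seen[usb_id] > approved[usb_id]:
            findings.append(("extra-copy", usb_id, row["InstanceId"]))
    return findings

if __name__ == "__main__":
    for reason, (vid, pid), instance in unexpected_usb_keyboards(SAMPLE_INVENTORY):
        print(f"{reason}: VID_{vid}&PID_{pid} at {instance}")
```

Vendor and product IDs are reported by the device itself, so a match against the approved list does not prove a device is genuine; the per-model count is a second, weaker signal for a device that copies an approved ID.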
The bottom line is that USB ports pose a significant security risk, and this risk extends beyond the malware that may reside on an unknown USB drive. Know your device. Know where it came from. And know the risks.
#Cybersecurity #CMMC #InsiderThreats #DataProtection