External USB Drives
The Good, The Bad, The Ugly
What are they?
External USB drives have been around since late 2000. Starting out at no more than a few megabytes, they were mainly used for upgrading firmware and for sharing documents or pictures that were small in size. Since then they have evolved into storage devices of several hundred gigabytes, with some even reaching the terabyte range. Now they are used for storage of all types and even as portable operating systems. As with all things, they have their advantages and disadvantages. In this article I will be discussing the good, the bad, and the ugly.
These drives are extremely popular among users of all types. A lot of IT workers, including system administrators, cyber security professionals, and even network engineers, live off of portable external drives. They are used as portable operating systems that can get you out of a jam if you need to fix issues with Windows, *nix, or even OSX. I personally have drives with various security Linux versions, including Kali, ParrotOS, BackBox, and even Security Onion. Kali has a forensics capability that doesn't auto-mount the internal hard drive of the computer you are working on, which is extremely useful.
Other popular uses for these drives are to back up pictures, documents, and music. Cars going back as far as 2008 also had optional USB ports that would allow you to play music saved on the drives. For years, companies have allowed employees to use USB drives to take work home and bring it back again.
With the convenience and popularity of USB drives, it was only a matter of time before the more nefarious individuals would use them as an attack surface. One of the first times I had heard of USB malware was when USB Hacksaw was released. This particular malware exploited the autorun functionality of certain drives that ran U3 as a program. The malware would activate in the background as soon as you plugged the drive into your computer and would offload all of your files onto the drive itself and/or send them off to an e-mail address or other server.
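A defender can check a drive for this autorun behavior before trusting it. The following is an added example, not code from the original article: it reads the `autorun.inf` file in a drive's root and lists the entries that would start a program. The function names, the sample file contents, and the temporary directory standing in for a drive root are all constructed for illustration.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows start a program from the inserted media.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def autorun_launch_entries(inf_text):
    """Return [(key, command)] for each [autorun] entry that runs a program."""
    findings, section = [], None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        key, sep, value = line.partition("=")
        if section == "autorun" and sep and LAUNCH_KEY.match(key.strip()):
            findings.append((key.strip().lower(), value.strip()))
    return findings

def scan_volume(root):
    """Inspect the root of a mounted drive; the file name is matched case-insensitively."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                return autorun_launch_entries(fh.read())
    return []

# Constructed sample file, not taken from any real drive.
SAMPLE_INF = r"""[AutoRun]
; constructed example
label=Salary Information
icon=folder.ico
open=launcher.exe
shell\explore\command=launcher.exe
[Notes]
open=not-in-autorun-section.exe
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # stands in for the drive root
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE_INF)
        for key, command in scan_volume(root):
            print(f"autorun entry {key!r} would launch {command!r}")
```

Run it from a system that does not itself act on autorun files, pointing `scan_volume` at the mount point of the drive under inspection.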
Programs like Hacksaw aren't the only issue though. Companies work hard to prevent malware from being introduced into their network, but when you bring files from home into a corporate environment there is no control over those files. As such, many companies fall victim to keyloggers and other forms of malware when users bring malware-infected files from home. Now, the common arguments are "I have anti-virus and my files are clean", "The anti-virus at my work will keep me safe", or even "I use a Mac/Linux so there is no way I have a virus". All of these arguments are invalid and will surely have your place of work infected eventually.
Another issue with having the ability to use USB drives at work is the possibility of rogue USB drives. They say curiosity killed the cat, but it also kills networks. What would you do if you saw a USB drive, or any media for that matter, labeled Salary Information or Bonuses? Wouldn't you wonder what was on it? It is drives and media labeled as such, and with other tantalizing possibilities, that attackers place in parking lots or office buildings in hopes that someone will plug them in and give the attacker just the access they need. Talk about not having to do very much work for a payoff. With advancements in technology and hacker methodology, this isn't even the worst of it.
The ugly of USB drives would be the most recent capability of USB Kill. This particular capability is installed on a USB drive and when you unplug said drive from your computer it immediately shorts out your motherboard and other components. Could you imagine the damage this could cause companies if attackers weren't necessarily after money, but rather just damage to a corporation and its reputation? It is only a matter of time before rogue drives like these are paired with other forms of malware, so that when you remove the drive from the machine you also perform all of the anti-forensics needed to cover an attacker's tracks.
It is my opinion that external USB media should be either disallowed on corporate networks, or at least closely monitored if it is a necessity to keep business functions going. If the drives are kept in house and not permitted to be used on home computers, then you can still maintain business functionality without the risk of infection from personal computers. To aid in this, there are drives that, though more pricey, come with encryption capabilities and can only be used with certain software installed on the operating system itself. With drives like this, it is also less likely that someone would be able to gain access or cause harm with rogue drives.
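One way to do the close monitoring described above, as an added example that is not part of the original article: the function below reads Linux kernel log lines and reports every USB mass-storage device that is not on a list of company-issued drives. The allowlist, the log lines, and the serial numbers are constructed, and the approach assumes the usual `usb`/`usb-storage` kernel message wording.

```python
import re

# Constructed allowlist of company-issued drives: (idVendor, idProduct, serial).
APPROVED = {("1111", "2222", "CORP-000123")}

FOUND = re.compile(r"usb (\S+): New USB device found, "
                   r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")

def unapproved_storage(log_lines, approved=APPROVED):
    """Return [(port, vendor, product, serial)] for storage devices not on the allowlist."""
    seen, alerts = {}, []
    for line in log_lines:
        if m := FOUND.search(line):
            # A new device on this port replaces whatever was plugged in before.
            seen[m.group(1)] = [m.group(2), m.group(3), None]
        elif m := SERIAL.search(line):
            if m.group(1) in seen:
                seen[m.group(1)][2] = m.group(2)
        elif m := STORAGE.search(line):
            vendor, product, serial = seen.get(m.group(1), [None, None, None])
            # A drive with no serial number can never match, so it is always reported.
            if (vendor, product, serial) not in approved:
                alerts.append((m.group(1), vendor, product, serial))
    return alerts

# Constructed log lines: one approved drive, one personal drive,
# one drive without a serial number, and a keyboard (not storage).
SAMPLE_LOG = [
    "kernel: usb 2-1: New USB device found, idVendor=1111, idProduct=2222, bcdDevice= 1.00",
    "kernel: usb 2-1: SerialNumber: CORP-000123",
    "kernel: usb-storage 2-1:1.0: USB Mass Storage device detected",
    "kernel: usb 2-2: New USB device found, idVendor=aaaa, idProduct=bbbb, bcdDevice= 1.00",
    "kernel: usb 2-2: SerialNumber: HOME-777",
    "kernel: usb-storage 2-2:1.0: USB Mass Storage device detected",
    "kernel: usb 2-3: New USB device found, idVendor=cccc, idProduct=dddd, bcdDevice= 1.00",
    "kernel: usb-storage 2-3:1.0: USB Mass Storage device detected",
    "kernel: usb 2-4: New USB device found, idVendor=eeee, idProduct=ffff, bcdDevice= 1.00",
]

if __name__ == "__main__":
    for port, vendor, product, serial in unapproved_storage(SAMPLE_LOG):
        print(f"unapproved USB storage on port {port}: {vendor}:{product} serial={serial}")
```

The vendor, product, and serial values are reported by the device itself, so the allowlist identifies company drives but does not authenticate them.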
So are USB drives a good thing? Yes, if personal drives are kept personal and away from company computers, while corporate drives are kept at work. If files need to be used at home, then utilize options such as Google Drive, Dropbox, or Amazon Cloud, or even a VPN that allows personnel to take computers home and connect back to work servers.