This website uses cookies

We use cookies to personalize content and analyze access to our website. You can find further information in our data protection policy.

OK
German

'BadUSB' Malware Leaves Terrible Taste at Black Hat 2014

by VPNHaus | 08/19/2014 | Endpoint Management

If awards were given out at Black Hat 2014, one nominee for "Exploit of the Conference" would have won in a runaway – the "BadUSB" exploit.

<a href="http://www.darkreading.com/endpoint/when-good-usb-devices-go-bad/d/d-id/1297876" target="_blank">caused quite a stir</a> in Las Vegas earlier this month, which quickly spread to the rest of the world of cybersecurity, when they showed how USB dri

Nohl and Lell explained that since USB drives are designed to be reprogrammable, a hacker could make a drive masquerade as another device. In one example an attacker could reprogram a USB device to assume the function of a keyboard, and then issue commands to the computer or install malware.

scarily insecure</a>," as Nohl put it.

USB Drives are Repeat Cybersecurity Offenders

Long before Black Hat 2014, it's been widely known that USB drives are not the most secure way to transfer data between devices. Convenient, yes. Secure, no.

<a href="http://www.darkreading.com/risk-management/how-usb-sticks-cause-data-breach-malware-woes/d/d-id/1099437?">70 percent</a> of businesses could trace data breaches back to USB drives.

<a href="http://arstechnica.com/information-technology/2013/12/inside-the-nsas-leaked-catalog-of-surveillance-magic/">COTTONMOUTH</a>" to target adversarial networks. If the NSA is exploiting a vulnerability, then it's probably an effective means of attac

A World Without USB Drives?

Even if businesses understand the risk of using USB drives, they're usually limited to making an all-or-nothing choice. In fact, in the Ponemon survey, more than one-third of enterprises said they used software to block all usage of USB drives by employees. Other complementary solutions like antivirus software also won't fend of exploits like BadUSB because the software that runs on USB drives isn't visible to computers. It’s clear that USB drives are a threat, so surely, a smarter approach would be to remove the need for employees to use them altogether.

If businesses want to allow their employees to work remotely, it’s better they require them to access and transfer files using a device that is connected securely to the corporate network via a VPN, instead of allowing them to use a USB drive to move data from one device to another. As soon as a USB drive is ejected from a corporate device, the information it contains is no longer protected by the umbrella of security offered by the corporate network, and enterprises no longer have control over who has access to the data or how the data is utilized.

If an enterprise utilizes a centrally managed VPN, employees can download a VPN client that will work on any device or operating system, which they can use to access files anywhere, at any time. An enterprise will also maintain access control, limiting the information users can access according to their roles and attributes. Additionally, if a user’s computer were to be affected by malware, the network administrator could deprovision the user as soon as the breach was detected, thereby preventing the malware from spreading throughout the network.

Remote Access VPNs For Dummies

 

Remote Access VPN For Dummies</em>, we cover:

- The full VPN landscape, including hybrid IPsec/SSL VPN solutions
- The evolution of remote access VPN
- How to provide users with secure remote access
- How to simplify remote access VPN and reduce costs

Download Now

Remote Access VPN For Dummies</em>, we cover:

- The full VPN landscape, including hybrid IPsec/SSL VPN solutions
- The evolution of remote access VPN
- How to provide users with secure remote access
- How to simplify remote access VPN and reduce costs

Download Now