Written by Chris Poer, Techgardens Senior Manager of Security Services
Show of hands: how many people attend a trade show and pick up free giveaways? Have you ever attended a trade show where someone was giving away free USB’s? Many of us know that it would be unwise to use a USB we found on the street, but how many of us would use one we received at a trade show? How can you be sure that the USB you receive at a trade show isn’t infected by malware or a virus?
For years I thought I would be safe from cyber-attacks if I simply was careful with clicking on attachments, keeping my OS updated, and staying away from dubious websites. Then I read a study last year by Google that tested the effectiveness of dropping 300 infected thumb drives across a university campus. The study revealed that 98% of the drives were picked up and 45% of the drives were not only connected to the network, but had files on them accessed with the first instance occurring in less than 6 minutes. Evidently, I am not the only one in the world that felt safe with this over simplistic approach to security. OK, lesson learned. Probably should attend (and pay attention) to more security awareness training.
Fast forward a year as I was visiting booths at a tech conference talking to chat and collect interesting giveaways. Some companies really go all out with their gifts and I can always use a nice water bottle for the flight home. I noticed that pretty much everybody has a USB drive on their table containing company and product information. I probably have a dozen of these in my backpack collected over the years never used except for when a daughter needs one for school. That’s when my mind suddenly went back to the study. This would be the perfect way to unleash a new cyber-attack across a broad front of high-tech companies. I am not saying the trade show attendee would deliberately pass out infect drives. However, I bet it would be easy to sell infected drives to the high-tech focused marketing promotional product companies and let them sell them unknowingly to client companies. Then just wait 6-12 months for the attack to activate and start collecting data and crypto currency. Sigh, one more thing not to do.
While it may seem totally unreasonable to think that a company at a trade show would put their logo on a promotional USB and knowingly infect a USB with malware or a virus. However, it is entirely plausible that the promotional products company could receive infected USB’s without knowing it. Can anyone really be sure that the promotional products they are ordering are clean and virus free? Would you really want to take that chance and use a USB you receive from a conference or trade show? Would it really be wise, not knowing where the USB was manufactured or the the point of origin of the USB? Unfortunately, today we need to be more vigilant than ever and while free giveaways are nice to receive, some could put your entire enterprise in jeopardy.
At Techgardens, we can provide customized security awareness training for enterprises of all sizes. Included in our training would be information like what not to do with a USB device you find or acquire at a trade show. For more information about our security awareness training for enterprises, please call 646-783-4550 today.