US military bans USB thumb drives

Powered by SC Magazine
 

The U.S. Department of Defense has banned USB drives and other removable media after a worm hit military networks.

The U.S. Department of Defense has banned USB drives and other removable media devices after a worm infiltrated Army networks.

“All units are not allowed to use any USB mass storage devices, which includes everything from hard drives to cameras to some printers,” an Army lieutenant told SCMagazineUS.com in an email on Thursday.

Wired, citing internal U.S. Army emails, first reported the story, reporting that a variation of the worm “W32.SillyFDC” was targeting thumb drives and other removable media and spreading through military networks. To stop the infection, the removable storage devices were prohibited on all military networks, including classified one, Wired said.

Department of Defense spokesman Lt. Col. Eric Butterbaugh did not address the ban but told SCMagazineUS.com that the agency aggressively monitors its networks for intrusions and regularly provides guidance its field officers about threats and measures to ensure its information systems remain secure.

The military's ban on these media devices highlights a problem that every organisation faces, Paul Zimski, vice president of solution strategy for endpoint security vendor Lumension, told SCMagazineUS.com Thursday.

“If someone loads malware on a USB drive and drops it in a parking lot, it's human nature to want to use this thing,” Zimski said. “You don't think of it as a threat.”

Another security issue with USB drives is the risk of data loss. Enterprises must be aware of what information is being copied onto the stick, how it is it being protected and what happens when that device leaves the enterprise, Zimski said.

USB infection occurs in two main ways, said a Symantec blog post Wednesday. After being installed on an already infected computer, a malicious application can copy itself onto a USB drive and look like a legitimate image or video file. A user is infected once he or she manually executes the file.

The other primary USB infection method is called an “autorun.inf modification” and uses the Windows “autorun” feature to launch the malicious file and causes infection without any user interaction.

US-CERT issued an advisory about the increase in USB flash drive attacks and recommended users install anti-virus software and keep signatures up to date. The group also recommended that users not connect unknown or untrusted flash drives to a compute - and disable "autorun" or "autoplay" features for removable media.

See original article on scmagazineus.com

Copyright © SC Magazine, US edition


US military bans USB thumb drives
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 415

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 195

Vote