IT Pros Admit to Plugging In Found USB Drives
The survey revealed that data which was discovered on the found USB drives often included viruses, rootkits and bot executables.The temptation to find out what exactly is on an unknown USB drive is apparently too great for a vast majority of IT workers, with 78 percent of IT security professionals admitting to picking up and plugging in USB flash drives found abandoned or lying around, according to a survey conducted by South Korean security vendor AhnLab. The study also uncovered that more than 68 percent of those surveyed had been involved in a security breach, either at home, work or personally–with many relating back to the infected USB drives. The study warned inserting a found flash drive into a network could lead to infecting files and networks, and ultimately, the loss of valuable data. “I am utterly shocked at these figures, in particular, the 78 percent number,” Brian Laing, vice president of marketing and business development at AhnLab’s Santa Clara office, said in a statement. “For example, Stuxnet, one of the world’s most sophisticated cyber-attacks, gained access to its target system through a ‘found’ USB drive. The creators of the malware left infected USB drives near a uranium enrichment facility and someone picked it up and inserted into their PC. Stuxnet derailed the efforts of that nation to purify nuclear materials at its facility.” Conducted at last month’s RSA Conference 2013 among 300 IT professionals, many of whom were security experts, the survey revealed that data which was discovered on the found USB drives often included viruses, rootkits, bot executables, movies, music and other office documents.
The report warns an infected USB drive could result in infected machines, infected networks, and a PC or PCs in the network converted to a bot for use by cyber-criminals, resulting in stolen intellectual property, such as sales forecasts and customer and financial information.