Because thumb drives can be laced with malware, it’s never a good idea to plug one from an unknown source into your computer. Something the Iranians learned the hard way when the computer worm Stuxnet took out 20% of their air-gaped nuclear centrifuges.
A more immediate reason not to plug them in is that they could explode. Several flash (literally in this case) drives were delivered to the Ecuavisa TV station in Ecuador. When a TV host plugged one into his laptop, it exploded, slightly injuring his hand and face. The device was found to contain the military grade explosive RDX. Fortunately, only half the charge ignited, or the damage would have been more severe. The attacks appear to be politically motivated.
Takeaways
1. In case you needed another reason to not plug wayward usb drives into your computer.
2. Ecuavisa needs to do more security awareness training.
Definitions
A computer worm is a type of malicious software that self-replicates and spreads independently, often without any user intervention. Unlike a computer virus, which attaches itself to existing files or programs, a worm operates autonomously.
Air-gapped refers to a security measure where a computer, network, or system is physically isolated from other networks, including the internet. This isolation prevents unauthorized access, data breaches, and cyberattacks. Air-gapped systems are typically used in high-security environments, such as military installations, financial institutions, and critical infrastructure facilities.
RDX - An ounce of RDX can potentially destroy a car or a small truck, depending on the placement of the explosive. Or, can be used to break up large rocks or boulders in construction or mining operations.
Source: ARS Technica
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.