
A few days ago the State Department made public in a report that multiple power plants in the United States were affected by USB-based malware at the beginning of October 2012. One of the plants reported a virus infection in a turbine control system. The system was infected when a technician updated software from a USB flash drive carrying malware, which then spread to at least 10 more computers. The entire power plant was taken offline for three weeks.

The second power plant’s computers were discovered to be infected after an employee asked IT staff to check his system because he was experiencing issues with the USB port, which was used routinely for backing up control system configurations. The IT administrator ran an antivirus update, which revealed “known sophisticated malware”. Further investigation revealed the malware was on two workstations that were critical to the operation of the control environment. In addition, the systems in this case had no backup, and a wipe of the systems would have impaired operations of the plant.

Several years ago I spent a lot of time researching and working with USB-based malware. I had built a website (now offline) that focused on the tools, mitigation strategies and general information regarding USB-based malware. Several tools were made available to highlight the damage that could be done with a simple flash drive, from infecting a network to installing backdoors and stealing data. The site ended up being quite popular and I received some interesting inquiries and information from both sides of the law.

What is amazing is that even today, with more awareness and Microsoft finally removing autorun functionality, flash drives continue to be a key mechanism through which malware is spread to systems. Even within highly secured environments, including Air Force drone control systems, the International Space Station, and now, as we have seen, systems controlling critical infrastructure (i.e. Stuxnet), flash drives continue to be a thorn in our side.

Why are flash drives still a problem?

Convenience: Many organizations have policies regarding the use of removable media devices in their environments. However, these policies can prove inconvenient and hinder productivity, making them difficult to enforce. In the case of the Air Force drone control systems being compromised, flash drives are against policy, but the policies were apparently waived in this case, as maps and other data had to be loaded across systems that were not networked. Industrial control systems are usually not connected to an outside network, so a flash drive is used to update software. In the case of the International Space Station incident in 2008, it is believed the infection came from a personal flash drive belonging to one of the ISS residents.

Weak Internal Policies & Controls: Another key factor is that, as a general rule, internal systems are not secured as tightly as external-facing systems, usually due to budget issues and more relaxed policies as a trade-off for increased productivity. It becomes a question of risk vs. cost, and as a result internal security configurations and policies are more lax. This makes it easier to attack a network from the inside than the outside; once an attacker has their foot in the door, it is simply a matter of covering their tracks.

  • any programs you create cannot be commercially sold on. Regretfully, the full paid version of the IDE is not cheap, and probably not appropriate for a hobbyist

  • denver hardscape

    What is awesome is that even these days even with more attention and Microsoft company lastly eliminating autorun performance, display pushes keep be a key procedure through which viruses is distribute to techniques.

  • Leesa John

    The full paid version of the IDE is not easy to buy everyone. Microsoft company lastly eliminating auto run performance. I recommended your post here thanks.

  • Vickiq

    The full paid version of the IDE is very rewarding and useful for everyone. Thanks for sharing this great info here.

  • Vince

    This is very rewarding and astounding post, I consider to recommended it. Thanks for sharing this great info here.

  • It's terrible. We stored many important data in our USBs, so I think USB security is important.

  • Simleu

    At least it’s a good thing the situation has been fixed. Let’s hope it would not happen again.