Imagine you received an official-looking USB device in the mail from a trusted source. Chances are you would use the device under the assumption that it is secure.
This is exactly what members of the American Dental Association (ADA) recently did after the ADA mailed out thousands of USB thumb drives—37,000 to be exact—containing updated “dental procedure codes.”
Unfortunately, as KrebsOnSecurity recently reported, some of these devices were laden with malware that allowed attackers to assume full control of infected PCs.
How did this happen? The ADA believes that one of the many machines used for duplicating USB devices became infected during a production run for a different customer. Unfortunately, the malware was transferred onto a portion of the ADA’s USB devices. The devices, it should be noted, were made in China by a subcontractor of an ADA vendor.
While the ADA has since alerted its members about the malware and apologized for the incident, the fact remains that this situation could have been easily avoided if the ADA had simply sent the information to its end users over the Web instead of through a physical device in the mail.
External USB thumb drives should be used only for storing small amounts of private information—not for distributing information to large numbers of end users.
This should also serve as an important reminder that working with third-party technology vendors can open the door to unforeseen security threats. It’s therefore vital to communicate with your vendors and ensure they are fortifying their networks with the latest cybersecurity solutions.
What’s more, your employees should be up to speed with the latest cybersecurity training.