Kanguru Blog: February 1, 2022
February 1, 2022 – A recent article from CyberHeist News warns of a targeted effort on the US Defense Industry regarding new USB-based Ransomware attacks. A notice released from the FBI alerts defense contractors of a scam that is mailing out USB drives with the intent to coerce unsuspecting employees and staff to plug them in, consequently infecting and introducing ransomware into the network. These mailing scams profess to be from Amazon or the Department of Health & Human Services.
The Scam
This deceptive scenario could become a nightmare for organizations around the globe as incognizant employees unaware of the danger might plug in the USB device into their computer connected to a company network, curious to see what is contained on the drive. Situations like this are rare, but usually try to target industries of defense, military, utilities, or municipal organizations intended as an act of terrorism, or malicious attack.
The threat plays out as a malevolent criminal or group attempts to manipulate or tamper with the firmware of a cheap USB device by implanting malware into the drive, then sending the device into an organization openly vulnerable to this type of attack. In other circumstances, a nasty malfeasant may just leave a manipulated USB device precariously lying around a campus or on the grounds of a complex as a “lost” flash drive, hoping that an unsuspecting, inquisitive person will plug it into a computer with access to a network to try to learn the contents or return it to its original owner. Here are some ways to protect against ransomware attacks by using Kanguru products.
The Solution - Digitally-Signed Secure Firmware & Endpoint Security
As a leader in the data security industry for almost 30 years, Kanguru has long been aware of such types of threats and scams. However, with Kanguru Defender Secure USB drives and the right security policies in place, organizations can rest easy and avoid threats like this entirely. Kanguru’s robust line of AES/XTS 256-bit, hardware encrypted Defender USB drives have been trusted for many years by high-security defense, military, energy, utilities and municipal organizations for their premium encryption benefits to password-protect data. But the Defender family of secure USB drives have another great benefit for security-conscious organizations.
Automatically built-into the Defender drives is an additional security feature called digitally-signed secure firmware. Secure Firmware makes Kanguru Defender Encrypted USB drives resistant to threats of malware tampering. If a malicious attack were attempted using a Kanguru Defender USB device, the self-checking firmware and tamper-proof mechanisms would simply shut the device down, making it impossible to use as a threat.
Defender trusted USB devices can be whitelisted by organizations who use Endpoint Security as part of their data security grid, allowing only trusted USB devices on their network and stopping all other cheap, susceptible USB devices from being allowed (blacklisting). Keeping the organization clear of hazardous USB devices allows employees to work conveniently with the organization’s sensitive data on their Kanguru Defender encrypted USB drives to conduct business without interruption.
Secure Firmware for Non-Encrypted USB Drives
In addition, Kanguru realizes there are some organizations who may not require encrypted USB devices to conduct their business, but may see still see a potential vulnerability of malware-tampering at their organization. For this market, Kanguru developed the Kanguru FlashTrust, a non-encrypted, digitally-signed secure firmware USB flash drive that utilizes the same built-in secure firmware as our Defender secure USB drives.
Likewise, Kanguru has a number of other USB devices with built-in secure firmware for organizations, including non-encrypted hard drives, solid state drives, USB-C M.2 NVMe SSDs, and even DVD/Blu-ray optical drive burners.
To see a complete list of Kanguru secure firmware USB devices, visit Kanguru USB Drives With Secure Firmware.
- All Kanguru Defender Secure, Hardware Encrypted USB Drives
- Kanguru FlashTrust
- Kanguru UltraLock HDD
- Kanguru UltraLock SSD
- Kanguru UltraLock USB-C M.2 NVMe SSD
- Kanguru QS-Slim™, DVD and Blu-ray Burners
By whitelisting Kanguru secure firmware products, organizations have several trusted USB device options at their disposal to conduct good business, and keep their networks safe from sinister malware attacks.
Please visit our brand new website at kanguru.com to learn more!