Curiosity Killed the Network

Posted by Fred Bauerfeld and Gretchen Thomas on October 13, 2020
Cybersecurity

One of a technician’s biggest fears is user Curiosity. Curiosity has been the culprit of a number of major successful cyberattacks on unsuspecting companies. It is the reason you might click on a link in an email sent from an unknown source. It’s the reason you might follow a rabbit hole of links to unsafe sites on the internet. Curiosity is also the reason you might click on a random link at the bottom of an unfamiliar website.

In order to keep your company’s network and confidential data secure, you and your employees should be aware that cybercriminals attempt to trick you by applying to your Curiosity. One of their little-known tricks is scattering USB drives in conspicuous places such as the parking lots of targeted companies.

Curiosity May Increase Your Organization’s Security Risk

Researchers performed the following experiment to test how risky yielding to our Curiosity can be.

A few major organizations got together to conduct a study:

  • The University of Illinois
  • Urban-Champaign, Google
  • The University of Michigan

In the study, they tested how the Curiosity factor can affect a company’s cybersecurity. They scattered 297 USB drives around the Urban-Champaign campus. On the drives, they installed software that mimicked malware. When some Curious soul opened one of the files on the drive, it didn’t infect the computer with a virus. But it alerted the researchers that it had been opened and then sent them the location of the computer.

48% of the drives were plugged into computers!

Read the whole story here: Story of the USB Drive Study

The DOD Infiltrated Via Thumb Drive

If you think that’s crazy, listen to this: One of the worst cyber-attacks on the U.S. military in history occurred in 2008-09. It happened at one of the Department of Defense’s (DOD’s) Middle East bases. Someone inserted a thumb drive they found in a parking lot into a computer. It was like a worm that infected the entire network and went without detection.

“Once in place, the malicious code began to ‘beacon’ out to its creator, letting whoever created it know that it was in place and ready for further instructions. That’s the only way analysts from the NSA’s Advanced Networks Operations team noticed it was there.” – Blake Stilwell, We Are the Mighty, The worst cyber attack in DoD history came from a USB drive found in a parking lot

14 Months to Wipe It Out of Their Network

It took them 14 months to wipe it out of their network. When they realized what had infected their systems, one of their first responses was to ban thumb drives. They gathered thumb drives from military personnel and found they were all infected. As of the date of this article, no one has ever found out the identity of the hackers or how much information they stole.

“The effort was so intense and deliberate that it led to the creation of the 11th military unified command – The U.S. Cyber Command.” -ibid

If your Curiosity peeks when your online, reading an email, find a thumb drive, or even receive an email or phone call from a known source, err on the side of caution. Choose to be more Curious about cybersecurity. The network it saves might be your own.

Call us to and talk to Fred (Idaho) or Joe (Utah) to set up a free security assessment (844) 400-0616.

+ posts
Website | + posts