Establishing Digital Trust: Don't Sacrifice Security for Convenience
Dutch chemical company DSM was recent targeted by an unusual (and unsuccessful) cyber attack -- malware-infected USB drives were left in the company's parking lot in the hope that employees would find them and plug them into company computers.
"Instead of plugging the discarded drives into a workstation, which would have infected the machine, the worker who first found one of the devices handed it in to DSM's IT department," writes The Register's John Leyden. "Sysadmins subsequently found an unspecified password-stealing keylogger, according to local reports by Elsevier.nl. The spyware was designed to upload stolen usernames and passwords to a server under the control of hackers."
"A DSM spokesperson said the company did not report the incident to the police because it was a rather clumsy attempt at data theft," writes ZDNet's Emil Protalinski. "Furthermore, the corporate espionage effort did not result in any damage."
"Experts advise companies to raise awareness among their employees regarding the use of such devices since they can be just as dangerous as an email attachment that hides a Trojan," writes Softpedia's Eduard Kovacs. "Staffers must never mix personal devices with ones utilized for work. They must also ensure that all the accepted units are properly marked. Finally, when possible, the auto-run feature should be disabled on computers to block viruses that rely on this function."