‘Unfixable’ USB Malware Highlights Need for SIEM Services
A pair of security researchers recently released the source code for a highly dangerous USB-based strain of malware, one closely resembling a proof-of-concept exploit first demonstrated back in July.
The code that was made public is almost identical to the BadUSB malware that researchers Karsten Nohl and Jakob Lell debuted at the Black Hat security conference over the summer. Nohl and Lell reverse engineered the firmware of a thumb drive, proving it is possible to create a type of malware that is virtually undetectable and impossible to patch. When it was first shown at the conference, Nohl declared it “unfixable for the most part,” Gizmodo reported.
Nohl and Lell chose to keep the code for BadUSB private due to the vast amount of damage it could cause in the wrong hands, but researchers Adam Caudill and Brandon Wilson have since recreated the attack and made their code available for download on GitHub. The two chose to release the information so a fix for the vulnerability can be found more easily, but doing so no doubt leaves many at risk until one is found.
Malware provides hackers total control
By utilizing the exploit, cybercriminals can take complete control of an infected machine, silently alter files on the USB drive, or redirect browser traffic. According to The Verge contributor Russell Brandom, Caudill and Wilson demonstrated several uses for the malware, including taking control of a victim’s keyboard input. The virus is especially dangerous because it could affect anyone using a USB drive, and there is very little that can be done to protect against it because the malware lives within the device’s firmware rather than in its storage.
While Caudill and Wilson didn’t release the code for malicious reasons, it is all but certain that cybercriminals will use the malware for nefarious ends now that it is available. The only way the vulnerability can be mitigated is to implement another layer of security around the firmware, which would require completely updating the USB standard. While it’s possible this could happen, a permanent solution is still years away.
Because there is no definitive way to defend against this form of virus, the best way to protect enterprise systems is to look for suspicious activity in order to catch cybercriminals before they do too much damage. Security information and event management (SIEM) services monitor networks around the clock, looking for anomalous activity. SIEM service providers then analyze that event data to produce actionable intelligence, which is passed back to the business to build a more effective cybersecurity strategy.
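Since a host cannot inspect a drive’s firmware, what monitoring can see is the behaviour the device exhibits once plugged in. The article notes that the demonstrated attack lets a thumb drive take control of keyboard input, so one signal a SIEM rule can key on is a single USB port whose device enumerates as both mass storage and a HID input device. The following is an added example written for this page, not code from the article or from the researchers it describes. It assumes Linux kernel log lines in the usual `usb-storage` / `input:` format; the sample lines, hostname and vendor/product IDs are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines (not taken from the article). They imitate
# the messages Linux emits when a USB device enumerates and exposes interfaces.
# Port 1-2 presents both a mass-storage and a HID input interface; port 1-3 is
# an ordinary storage-only drive used as a negative case.
SAMPLE_LOG = """\
Oct 01 09:12:03 ws01 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Oct 01 09:12:03 ws01 kernel: usb 1-2: New USB device found, idVendor=0000, idProduct=0000
Oct 01 09:12:03 ws01 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Oct 01 09:12:06 ws01 kernel: input: Example Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.1/0003:0000:0000.0004/input/input12
Oct 01 09:12:06 ws01 kernel: hid-generic 0003:0000:0000.0004: input,hidraw3: USB HID v1.10 Keyboard [Example Keyboard] on usb-0000:00:14.0-2/input1
Oct 01 09:15:40 ws01 kernel: usb 1-3: new full-speed USB device number 6 using xhci_hcd
Oct 01 09:15:40 ws01 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# "usb-storage 1-2:1.0: ..." -> the port is the "bus-port[.port...]" prefix before the
# ":config.interface" suffix.
STORAGE_RE = re.compile(r"usb-storage (\d+-[\d.]+):\d+\.\d+: USB Mass Storage device detected")

# "input: <name> as /devices/.../usb1/1-2/1-2:1.1/.../input/input12" -> the same
# port identifier appears as a path component with its interface suffix.
HID_RE = re.compile(r"input: (.+?) as /devices/.*/(\d+-[\d.]+):\d+\.\d+/.*/input/input\d+")


def interfaces_by_port(log_text):
    """Map each USB port seen in the log to the set of interface classes it exposed."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = STORAGE_RE.search(line)
        if m:
            seen[m.group(1)].add("mass-storage")
            continue
        m = HID_RE.search(line)
        if m:
            seen[m.group(2)].add("hid-input")
    return dict(seen)


def flag_composite_devices(log_text):
    """Return ports where one device exposed both storage and a HID input interface.

    This is a heuristic: legitimate composite devices (e.g. a keyboard with a
    built-in card reader) will also match, so treat hits as leads to triage,
    not as proof of compromise.
    """
    suspicious = {"mass-storage", "hid-input"}
    return sorted(
        port for port, classes in interfaces_by_port(log_text).items()
        if suspicious <= classes
    )


if __name__ == "__main__":
    for port, classes in sorted(interfaces_by_port(SAMPLE_LOG).items()):
        print(f"port {port}: {', '.join(sorted(classes))}")
    for port in flag_composite_devices(SAMPLE_LOG):
        print(f"ALERT: device on port {port} exposes storage and keyboard-class input")
```

In a SIEM this logic would run over forwarded kernel or udev events and raise an alert for analyst triage; a stricter variant could also alert on any HID keyboard appearing on a port that previously enumerated only as storage, since a firmware-resident payload has no reason to announce itself up front. Correlating the alert with unexpected process launches or outbound connections in the following seconds is what turns a noisy heuristic into a usable detection.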