Question

Assume you have found a USB memory stick in a car park, and you plugged the USB memory stick to your computer. Answer the following questions

1.  What are the security key objectives that could be threaten?

2.  Identify and define three types of malware, and give examples about how could they transported from the USB memory stick to your computer.

3.   What could you do to mitigate the security threats and use the contents of the USB memory stick safely?

Answer 1

1)

plugging a unknown USB device to your system is one of the way you can introduce malware( viruses, ransomware and spyware) to your system. Such drives can be infected with ransomware, viruses or any kind of malware which will disrupt the operation of a system in many ways. security key objectives that could be threaten are

->Confidentiality : malware can monitor activities in background ,or can cause data theft ,or data encryption .

->Integrity : malwares can change the information and programs in a system. so integrity will be compromised .

->Availability : malware can deny access to program or information . so in a malware affacted system ,authorized useres could be not able to access information.

---------------------------------------------------------------------------------------

2)

Some computers have auto run option which allow malwares in usb drive can run /copy itself without any permission. this is how all the malwares affect any computer. and through key stroke ( The act of pressing key on a keyboard, that would trigger some particular functions in a computer ) it start functioning.

1. Rubber Ducky Firmware

it is a popular USB malware . it encrypts your files without your permission and without knowing .

2. USBdriveby/USB driveby

it is a powerful program and developer attached it to a USB drive. This device can hack any computer in very less time. When you plug the USBdriveby to your system, it act as a mouse or keyboard. and then it use pre-installed keystrokes for disabling your computer firewall. When firewall down, USBdriveby take down your DNS settings. now hackers can control your system remotely

3. iSeeYou

iSeeYou malware can hack a device’s webcam and record your activities.It’s a malware that affects cameras in infected Apple laptops. iSeeYou disables the LED light of your computer when webcam is on. This way, user will know nothing

------------------------------------------------------------------------------

3)

first of all Don’t plug unknown usb drives into your computer.it contain some one else data . its not any thing that you should see.( what if it s a usb bomb , that is also apossibility . you plug in you die)

things you can do before examining contents of unknown usb drive is

1) disable autorun option from your computer

2) scan the usb drive with most updated antivirus software . it will detect most of the known malwares.

3) donot run any programs / softwares in the usb drive

4) if you want to safely use the drive , safest thing is do 1 & 2 above and . don't open the drive . just format it and use it.