One USB Stick Infected with Malware, Plus One Power Plant, Can Equal Big Problems for Everyone – Global Digital Forensics Helps Clients Spot and Rectify These Types of Cyber Security Weaknesses


From the famous Stuxnet cyber attack which crippled the Iranian nuclear program in 2010, to the recently released reports about two US power plants being infected by malware, USB stick delivery has again proven to be a highly effective way not only to help hackers infiltrate corporate networks, but also to jump the "air gap" to internal networks and industrial control systems that are not even connected to the outside world. Global Digital Forensics offers a tailored social engineering testing component, with USB malware delivery in mind, as part of its comprehensive penetration testing and cyber threat assessments.


Don't Hand Deliver a Malicious Payload


Late last week it was reported that two US power plants fell victim to malware attacks last year, which in one case kept the plant shut down for three weeks. The culprit that delivered the malicious payload? Something almost everyone uses, something tiny, seemingly innocent and innocuous: a USB stick. A hand-delivered payload can circumvent even the most robust and advanced cyber security solutions in the industry, rendering even widely relied-upon measures like "air gap" defenses useless. And when it comes to infrastructure and industrial control targets, the aftermath of a successful USB-delivered cyber attack is not limited to one company; it can affect vast swaths of the US population. Global Digital Forensics (GDF) helps infrastructure and industrial control clients identify and strengthen the weak links which can allow for this type of malicious payload delivery.

"When it comes to the US infrastructure and the SCADA (Supervisory Control and Data Acquisition) systems which are relied upon to keep the nation's wheels moving, having an outside attacker compromise vital infrastructure targets, whether it's state-sponsored cyber warfare, terrorist activity, or even hacktivism, can have devastating consequences," said Joe Caruso, founder and CEO/CTO of Global Digital Forensics.

"Hacks on these types of systems are the scariest of all because they affect big and vital things in the physical world, not just funds and personal data, but large machines like turbines, train switching equipment, water and sewage machinery and the electric grid, just to name a few. Imagine the worldwide implications if the north-east corridor, or the entire west coast lost power for three weeks, imagine a month in New York City, Chicago, or Los Angeles with no working sewage or running water, absolutely catastrophic."

"Having done penetration testing and cyber threat assessments for vital systems like these for many years, it still shocks me to see easily correctable things being left undone, like actually taking the time to educate employees about the dangers of USB sticks and other digital devices like smartphones, instituting and enforcing up-to-date policies, and regular penetration testing and threat assessments. These steps alone would significantly reduce the potential threat and help safeguard these critical systems."

"Our experienced cyber security specialists take time to investigate the situation, research publicly available information, survey the physical lay-of-the-land, observe employee habits and then come up with plans tailored to the unique setting to attempt infiltration. We do simple things like leaving USB sticks infected with a GDF-created non-destructive payload in the smoking areas or bathrooms and relying on human nature to do the rest, and we can also go full social engineering trade-craft, like pretending to be a new employee or a vendor that's supposed to work on the system, to much more ingenious gambits which I wouldn't want to divulge here and spoil the surprise. It all really depends on how far the client wants us to go. But I can say this: we have never yet been unsuccessful in infiltrating a target we set out to. It's actually a lot of fun for us to get to 'play' these kinds of real-life spy games, so we really go the extra mile, and at the end of our mission the client's eyes are wide open, their cyber security posture is improved, and nobody gets hurt, so it's a big win all the way around."

“We also help clients by reviewing their cyber security policies and offering remediation steps to strengthen any deficiencies we uncover, as well as helping them stay compliant with regulatory agencies, and rest assured, 2013 is going to see some additional regulatory action from the White House, Congress, or both. Our experience, forged over decades, also makes us particularly well suited to infrastructure and industrial control clients because, believe it or not, many are still running on platforms many years old, like Windows XP and 2000. We know all those little things, like the fact that the default setting is autorun when a USB stick is inserted on those operating systems. But we always stay on the cutting edge, so we also know how smartphones and other digital devices play a vital role in the leaping lizard malware game also being played today. We know one well-intentioned employee downloading an update from the net, loading it on a USB stick and carrying it right across the 'air gap' to an internal system is all it takes to open Pandora’s Box, and we make sure clients do too by demonstrating it with concrete facts and demonstrative examples which really hit home, from the management level to the employee level.”

Global Digital Forensics is a recognized industry leader in the fields of cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare and education arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Don’t hesitate to get help if an incident has already happened. For more information, visit


Contact Author: Aris Demos