An infected USB drive was at the heart of the most serious breach of US military networks ever in 2008, a senior US Government figure has confirmed.
US Deputy Defense Secretary William Lynn explained how the provenance of the infection stemmed back to a drive being inserted into a laptop at a US base in the Middle East.
"The flash drive's malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the US Central Command," Lynn noted in an article on the Foreign Affairs website.
"That code spread undetected on both classified and unclassified systems, establishing what amounted to a digital beachhead, from which data could be transferred to servers under foreign control."
This incident led to the creation of Operation Buckshot Yankee, a Pentagon initiative designed to help counter the cyber threat facing the US.
Lynn admitted even since Operation Buckshot Yankee was set up, foreign enemies have managed to acquire thousands of files from US networks and from allies' systems, including weapons blueprints, operational plans and surveillance data.
"When an organisation, such as the US military holds sensitive information, it is important that they ensure the security of all devices entering the network," Ash Patel, country manager for UK and Ireland at Stonesoft, told IT PRO.
Patel stressed the importance, especially for bodies such as the US military, to completely lock down USB ports.
"Never leave a USB lying about unattended, this can lead to a quick win for a hacker but leave devastating consequences for an organisation. Never insert a USB stick into a company machine unless you know exactly what it contains and where it has come from," he added.
Earlier this year, McAfee reported spreading malware on USBs was a technique being used heavily by cyber criminals, even though many would have been forgiven for thinking it was a dying art.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
McAfee and Visa offer 50% off antivirus subscriptions for small businessesNews UK Visa Classic Business card holders can access the deal starting today
-
McAfee Total Protection review: Expensive at full priceReviews Protects your PC and includes a decent firewall, but costly and less effective than some rivals
-
McAfee Total Protection review: Quick, effective and affordableReviews A solid security choice, with perfect malware protection, a fully functional VPN and more
-
McAfee’s zero trust solution strengthens private applications’ securityNews MVISION Private Access grants secure access to private resources from any device or location
-
PowerShell threats increased over 200% last yearNews A new McAfee report finds PowerShell attacks driven largely by Donoff malware.
-
McAfee to sell enterprise business to STG for £2.8 billion
News The enterprise business will be rebranded, with McAfee focusing on personal security
-
Has the US government finally nabbed John McAfee?News Official Twitter account claims notorious tech tycoon has been “detained by authorities”
-
John McAfee ordered to pay $25 million over neighbour's murderNews Controversial figure insists that he will not pay
