Although many security hazards for enterprises are relatively intangible, USB devices could also pose threats and be used to introduce security risks into terminals. This makes a mainframe modernization plan with an emphasis on security even more urgent, because it makes attacks from directly attached devices that much less probable.
Threatpost recently reported on the work done by Samy Kamkar to investigate how a USB microcontroller could be used to hack into an unprepared terminal. Called USBdriveby, this type of maneuver can trick a system into thinking it is accepting a keyboard and mouse, while in reality the user quickly establishes a "backdoor" and tweaks codes without being detected. Because the mouse and keyboard don't require special authorization, the hacker has free reign.
Other, more common USB devices are rumored to cause possible malware too, but these stories may be exaggerated. Writing for CSO, Steve Ragan addressed the notion that popular e-cigarettes (or "vaporizers") could transmit malware if plugged into a computer through a USB charger. Although The Guardian recently reported that this was the case for one man who described his experience on Reddit, Ragan argues otherwise.
"The story from Reddit isn't a malware issue. It's a supply chain issue," he writes. "While there is no proof the infection story is true – if it's a concern – the best bet is sticking to known sources. Avoid knockoffs when it comes to batteries and chargers, it's safer and worth the extra cost."
As new forms of threats are uncovered and incorporated into standard security protections, your business should make sure it is placing important applications in a web environment that can be secured against attacks and malware of this nature.