Don't trust that USB freebie, ASD advises public servants
- 12 November, 2015 11:57
Public servants shouldn't trust removable media such as USB drives and DVDs that they are given as gifts at international events and instead hand them over to their agency's ICT security staff as soon as possible.
The warning on the possibility of malware-infected USB drives is part of a new security guide issued by the Australian Signals Directorate, which is the agency tasked with providing data security advice to the federal government.
The ASD today released its information security advice for members of the public sector travelling to high profile and international events.
The Stuxnet worm which targeted Iran is probably the highest-profile instance of malware-laced USB drives being used to compromise a network.
"It is common to receive small gifts, such as removable media in the form of a USB device from stakeholders when attending events, including those also attending these events," the ASD's new guide states.
"People with a malicious intent may use these opportunities to gift electronic devices that are preloaded with malicious software. When these devices are used or connected to an Australian government network or personal device, malicious software may install and run, which can allow the theft of official or sensitive data."
Other advice includes maintaining physical control of a device (avoid leaving it in a hotel room or putting it through as checked in luggage while flying), potentially disabling wireless technologies such as Bluetooth, using VPNs, and being aware that posting too much information on social media sites can aid targeted attacks.
Earlier this year the ASD released an updated version of its key security document for government, the Information Security Manual. The update included the launch of a list of certified cloud services for use by government agencies.