Friday, August 8, 2014

BadUSB in enterprise. Why you should not panic over it.



The hot topic of the past 2-3 weeks: BadUSB. Until yesterday, most talks and write-ups were just speculation, as no details had been released.

The folks at srlabs.de released more details during their Black Hat 2014 presentation yesterday. You can grab the slides from their website.

As the CISO or information security professional responsible for ensuring security within your organisation, you have every right to be worried. The good news is, you can stop the panic mode now, if...

You don't give your users admin rights.

To successfully attack a target machine, the attacker must have or gain access to a machine on which a user with admin privileges is logged in.

I find that WIBU Systems's alert explains it very well. Here is the excerpt:

"A BadUSB attack can be successfully accomplished only with logged-in users who have administrator privileges to their computer. In principle, the attack would also work for OS X and Linux; only the actual commands from the “keyboard” would be different."


Nowadays, most enterprise laptops/PCs are hardened and you rarely see users with admin rights anymore. Of course, there are exceptions (really? If you are the CISO, shame on you!).
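One way to check that claim on a Windows endpoint, as an added example that is not part of the original post: list the members of the built-in Administrators group and flag whether the user logged on at the console is one of them. `$Approved` is a hypothetical allow-list with a constructed sample value.

```powershell
# Added example: audit who holds local admin rights on this machine.
# $Approved is a hypothetical allow-list (leaf account names); adjust it.
$Approved = @('Administrator')   # constructed sample value

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
# Using the SID avoids localized group names.
try {
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
} catch {
    Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    return
}

# User logged on at the console, as DOMAIN\user.
# Empty when nobody is logged on at the console (for example RDP-only sessions).
$consoleUser = (Get-CimInstance -ClassName Win32_ComputerSystem).UserName

$report = foreach ($m in $members) {
    # Strip the DOMAIN\ or COMPUTER\ prefix for the allow-list comparison.
    $leaf = ($m.Name -split '\\')[-1]
    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Member        = $m.Name
        Type          = $m.ObjectClass       # User or Group
        Source        = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Approved      = $Approved -contains $leaf
        IsConsoleUser = [bool]($consoleUser -and ($m.Name -ieq $consoleUser))
    }
}

# Unapproved members first; a row with IsConsoleUser = True is the case
# the excerpt above describes (a logged-in user with administrator rights).
$report | Sort-Object Approved, Member | Format-Table -AutoSize
```

Members of type Group are listed but not expanded, so a console user who is an administrator only through a nested domain group will not show `IsConsoleUser = True`; review each listed group's membership separately.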

Of course, there are still risks. But I will say, the risk is low - if you have done the right things.