Historically, the Trojan Horse was the ultimate social engineering attack. The Greeks duped their Trojan opponent by presenting an enormous ‘gift’ only to have their soldiers (the malicious payload) jump out of the enormous wooden horse once inside the city’s walls.

 

The same concept is used today when an attacker leaves an infected USB stick for victims to find. Most people who find it may think, “Awesome! A free USB drive.” But they plug it in, and their computer becomes infected with a Trojan horse or other malicious software, allowing the bad guys access to all of their data.

 

One reason USB sticks are so dangerous is that many of them have autorun enabled, which can automatically infect a computer as soon as the stick is plugged in. Or, if a file name is enticing enough, opening it may be all that it takes to infect an entire network. The bad guys count on our curiosity. Make sure you are aware of company policies regarding bringing USB sticks and other data devices into our networks. Also, be exceedingly careful of what data you store on USB sticks, especially those you may remove from the premises.

 

You may or may not remember that at the 2013 G20 summit in Russia, world leaders and their staffs were given USB sticks programmed with malicious software designed to steal information from computers and cellphones. The devices were included in the gift bags given to delegates at the September summit. Delegations also received mobile phone recharging devices, which were reportedly capable of secretly tapping into emails, text messages and telephone calls.

A good rule of thumb is to NEVER put an unknown USB drive into your computer! Better safe than sorry!

The Security Awareness Company
