Historically, the Trojan Horse was the ultimate social engineering attack. The Greeks duped their Trojan opponents by presenting an enormous ‘gift’ only to have their soldiers (the malicious payload) jump out of the enormous wooden horse once inside the city’s walls.
The same concept is used today when an attacker leaves an infected USB stick for victims to find. Most people who find it may think, “Awesome! A free USB drive.” But they plug it in, and their computer becomes infected with a Trojan horse or other malicious software, allowing the bad guys access to all of their data.
One reason USB sticks are so dangerous is that many of them have autorun enabled, which can automatically infect a computer just by plugging it in. Or, if a file name is enticing enough, opening it may be all that it takes to infect an entire network. The bad guys count on our curiosity. Make sure you are aware of company policies regarding bringing USB sticks and other data devices into our networks. Also, be exceedingly careful of what data you store on USB sticks, especially those you may remove from the premises.
You may or may not remember that at the 2013 G20 summit in Russia, world leaders and their staffs were given USB sticks programmed with malicious software designed to steal information from computers and cellphones. The devices were included in the gift bags given to delegates at the September summit. Delegations also received mobile phone recharging devices that were reportedly capable of secretly tapping into emails, text messages and telephone calls.
A good rule of thumb is to NEVER put an unknown USB drive into your computer! Better safe than sorry!