Through the course of my day, I frequently encounter numerous stories related to occurrences at our clients or from our partners. Last week I was fortunate enough to hear about a new take on the “Dropped Device” hack.
Typically, the “Dropped Device” hack is a scattering of thumb drives or other media in parking lots or around entry ways to business or government offices. The thumb drives, of course contain malware. It has been identified by Homeland Security that as many as 60% of people plug these into their work computers to see what’s on them. Add the logo for the company that the attack is aimed at, the results go up to 90%.
Here are 29 attacks that take advantage of the USB drive https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/
One of the new takes to insure the target company is actually getting the thumb drives goes something like this: Man walks into a reception area with his coffee and Resume. He’s here for an important interview. He spills the coffee on the resume, panics, asks the receptionist to print his resume from a thumb drive while he goes to cleanup in the bathroom. He goes immediately to his mother’s basement and begins exfiltrating data to his command and control server located in another country with no US treaties.
By physically entering the premises of the business the hacker insures that the right organization is getting targeted, Even though there is risk of being recorded by security cameras, it’s usually not enough to deter a hacker Let’s be honest, if video surveillance isn’t thwarting bank robberies, it probably won’t thwart a virtual robbery.
Enable Device Control
Device control is a common feature in almost all endpoint products. Enabling it on your systems to prevent unauthorized devices from connecting is an easy way to thwart this type of attack. Additional steps include disabling the Auto-run feature for USB.
Now that you know, get that device control working. Especially near the entrances and common areas. And as always reach out to your trusted security partner to ensure you are optimizing the security solutions that you have in place.