
It’s a common occurrence in the world today: someone finds a USB thumb drive on the ground in the parking lot or in a waiting area at a business. Your first instinct is very likely to be the same as that of most Americans “studied”: plug it in and see what juicy information you can find. If you are in proximity to a larger corporation, this inclination is likely to be stronger, because the odds are, at least subconsciously, that the drive belongs to someone from within that company.
As shown in several studies performed by researchers, the trend is that about half the drives are plugged into computers. According to a group from the University of Illinois (source), the “effective” rate is between 45 and 98 percent. That’s a scary number in my mind, especially considering the huge number of ransomware incidents reported on the news this past year. While most of those can be traced back to malicious payloads in emails, the USB trojan horse method is even scarier. Not only does a user risk having their data encrypted and held for ransom, they could also be opening their employer up to infiltration.
Picture this scenario for a moment; it’s likely one that’s really happened somewhere. Employee Tina stops by the coffee shop for her latte every morning on her way in to work at the local community bank. It’s a well-established pattern and something she doesn’t often deviate from. Johnny is part of a hacker group that’s intent on infiltrating the bank Tina works for and knows that penetrating their firewall and security directly is futile. Because it is safer than trying to get a job at the bank, Johnny’s group decides to try to compromise an employee. See where this is going yet?