As we head deeper into 2021, we find that the sophistication of cyber threats has increased and is continuously growing. Over the last year, people fell victim to not only email phishing but also social engineering attacks like USB Baiting. Much like any other social engineering attack, the attacker aims to access a target computer or network, but the approach is quite unique: it's done via a USB stick! Enterprises in the United States and other countries can use Aware's USB Baiting solutions to imitate real-life attack scenarios that teach their employees to spot phishing scams and prevent the hefty cost of data breaches.
USB baiting (or USB drop attack) is a form of social engineering attack conducted by planting USB sticks containing malicious software at places where the targets can generally find them. A USB baiting attack relies on the curiosity of its target, who is likely to plug the stick into their system to find out its contents or the drive's owner.
Once the USB stick is plugged into a system, the malicious contents have a high probability of spreading across the system/network. Though malware infection from plug-in alone is rare, the attack's success rate remains high: a target who picks up an unknown stick and plugs it into their system is highly likely to also open files or applications without considering the consequences or giving much thought to security. A stick can also use HID (Human Interface Device) spoofing, in which the malware masks the USB stick's identity so that the system mistakes it for another device such as a keyboard or mouse, thus providing it with the privileges of that device.
Plugging an unknown USB stick into a computer can result in several forms of cyberattack. There's a chance that the malicious USB could infect your computer with a virus, malware, or spyware. It can lead the victim to a phishing site where the cybercriminal can lure the target into sharing their private data. It could also take the form of human interface device spoofing. The planted USB can trick the computer into thinking that a keyboard is attached, eventually giving remote access to cybercriminals.
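A defender can check for the HID spoofing described in the two paragraphs above by comparing what a newly attached stick claims to be with the USB interfaces it actually exposes. The sketch below is an added example, not Aware's code: the device records, vendor/product IDs and allowlist are constructed, the field names follow Linux sysfs attributes, and the class codes (0x03 HID, 0x08 mass storage) are the standard USB ones.

```python
# Added example. Class codes are standard USB values; everything else
# (device records, IDs, allowlist) is constructed for illustration.
HID_CLASS, MASS_STORAGE_CLASS = 0x03, 0x08
HID_PROTOCOLS = {1: "keyboard", 2: "mouse"}   # bInterfaceProtocol values for HID
APPROVED_HID = {("1234", "0001")}             # constructed (idVendor, idProduct) allowlist
STORAGE_WORDS = ("flash", "disk", "storage")

def classify(device):
    """Return (verdict, reasons) for one USB device record."""
    ids = (device["idVendor"], device["idProduct"])
    classes = {i["bInterfaceClass"] for i in device["interfaces"]}
    # Input roles the device asks the host to trust (keyboard and/or mouse).
    roles = sorted({HID_PROTOCOLS[i["bInterfaceProtocol"]]
                    for i in device["interfaces"]
                    if i["bInterfaceClass"] == HID_CLASS
                    and i["bInterfaceProtocol"] in HID_PROTOCOLS})
    reasons = []
    if roles and ids not in APPROVED_HID:
        reasons.append("unapproved device presents as " + "/".join(roles))
    if roles and MASS_STORAGE_CLASS in classes:
        reasons.append("storage and input interfaces on one device")
    if roles and any(w in device["product"].lower() for w in STORAGE_WORDS):
        reasons.append("product string names storage but device acts as input")
    return ("flag" if reasons else "ok", reasons)

def iface(cls, proto):
    return {"bInterfaceClass": cls, "bInterfaceProtocol": proto}

# Constructed sample records, as an inventory agent might report them.
SAMPLE = [
    {"idVendor": "1234", "idProduct": "0001", "product": "Office Keyboard",
     "interfaces": [iface(0x03, 1)]},
    {"idVendor": "5678", "idProduct": "0002", "product": "Flash Disk",
     "interfaces": [iface(0x08, 0x50)]},
    {"idVendor": "9abc", "idProduct": "0003", "product": "Flash Disk",
     "interfaces": [iface(0x03, 1)]},
    {"idVendor": "9abc", "idProduct": "0004", "product": "Gift Drive",
     "interfaces": [iface(0x08, 0x50), iface(0x03, 1)]},
]

if __name__ == "__main__":
    for dev in SAMPLE:
        verdict, reasons = classify(dev)
        print(dev["idVendor"], dev["idProduct"], verdict, "; ".join(reasons))
```

This check covers only the keyboard or mouse impersonation case; a plain storage stick that carries malicious files passes it and still needs scanning and user training.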
Aware can help determine your employees' ability to identify and assess the risk of picking up and plugging in unknown USB sticks, thereby preventing the exposure of company data to unknown risks in the United States. Aware USB baiting solutions include:
Along with testing and training, Aware also offers additional features based on your requirements, such as the scale of operations, campaign statistics, etc.
As with any cybersecurity service, the cost of Aware security awareness solutions differs based on the following set of variables:
Studies report that phishing led to a loss of $26 billion between 2016 and 2019. USB Baiting simulations and training are not a one-time activity. They need to be carried out regularly to ensure optimal retention and effective learning. As cybercriminals continue to ramp up their game, organizations must ensure that their employees are equipped to defend their organizations against phishing attacks. How often or how long a company must adopt and incorporate anti-phishing solutions depends on factors such as: