USB Infection
1. USB infection refers to cyber criminals utilising portable media, a source of physical access, to bypass access controls by introducing toolkits that run directly from the device.
Note (1): Unsuspecting employees that are unaware of the dangers can also introduce malware into their work stations. Related Term: Conduit Devices
|
2. Digital denizens are familiar with the USB flash drives given away at trade shows, conferences, information booths and the like. Some are even sent to recipients via snail mail, pre-loaded with useful marketing data and pre-configured to auto-link to websites upon initiation. These handy devices are ubiquitous among swag bag collectibles along with ink pens that don't work, stale mints and badge lanyards of all descriptions. However, unlike the other conference detritus, these drives can carry a dangerous payload.
Source: (Verizon, 2016)
3. USB devices, and other portable media, represent a significant threat to organizational security. Threat actors with physical access can introduce toolkits, built to run directly from the USB device itself, to bypass access controls. Employees curious about content on USB devices can also introduce malware to their work systems.
Source: (Verizon, 2017)