USB Drop Attack
Think twice before plugging in that USB drive.
What You'll Learn in USB Drop Attack
- Recognize USB drop attacks as a deliberate social engineering technique that exploits human curiosity and the desire to be helpful
- Follow the correct response protocol for found USB devices: do not connect, do not inspect contents, report to IT security immediately
- Explain how different USB attack vectors work, from autorun malware and trojanized documents to USB Rubber Ducky keystroke injection
- Identify high-risk locations where USB drop attacks are commonly staged, including parking lots, lobbies, conference rooms, and shared spaces
- Support organizational removable media policies including USB port restrictions, endpoint detection alerts, and approved device registries
USB Drop Attack Training Steps
- A Morning Discovery
  It's Tuesday morning. Alice grabs her coffee and heads to her home office to start the workday. On her way through the apartment building lobby, something catches her eye on the floor near the mailboxes. A sleek black USB drive with an official-looking label: 'CONFIDENTIAL - Q4 Salary Review - HR ONLY'.
- The Temptation
  Alice picks up the drive, curiosity piqued. Someone from her building must work at her company - or maybe a competitor? She knows she should turn it in to IT, but... 'I'll just check what's on it first,' she thinks. 'If it's really HR data, I should verify it's ours before handing it over.'
- Antivirus Warning
  Windows recognizes the USB drive. The file explorer opens, showing several files: Q4_Salary_Review_2024.xlsx, Employee_Performance_Rankings.pdf, and Compensation_Adjustments.docx. Suddenly, an antivirus warning pops up - the system has detected suspicious content on the drive.
- Opening the File
  Alice dismisses the warning, convinced it's a false positive. The salary spreadsheet is right there, promising answers to questions everyone whispers about. She double-clicks the Excel file. It opens with a security warning: 'Macros have been disabled.' The content is hidden behind a message asking to enable macros.
- The Encryption
  The moment Alice clicks 'Enable Content,' the malicious macro executes. A command prompt window flashes briefly on screen. The hard drive starts churning. Within seconds, ransomware silently encrypts every file on her computer - documents, photos, projects, everything.
- Checking Her Files
  Something feels wrong. Alice's computer seems sluggish, and the hard drive is still churning. A cold knot forms in her stomach. She rushes to check her important work documents - the quarterly report she's been working on for weeks.
- The Ransom Demand
  Instead of her quarterly report, a terrifying ransom screen appears. A glowing red lock icon. A countdown timer. A demand for 0.5 Bitcoin. Every single file on her computer - documents, photos, projects - has been encrypted by ransomware. The attackers are demanding payment to unlock her data.
- Immediate Response
  Alice's heart sinks as she realizes the severity of the situation. All her files - work projects, personal documents, everything - are now encrypted and held hostage. She remembers from security training: the first priority is to stop the malware from spreading to other devices on the network.
- Damage Control
  Alice immediately powers off her PC to prevent the ransomware from spreading further. She remembers from security training: disconnect first, ask questions later. She moves to her backup laptop to report the incident. The security team needs to know about this immediately.
- Filing the Report
  Alice opens the security incident report form. Complete honesty is crucial - even though she made a mistake, reporting quickly can limit the damage. She documents everything: where she found the USB, what she did with it, and the ransomware infection.