There is an unattended USB drive on one of the desks at your office. Just testing what it says is then a common reaction. A human reaction that can carry great risks. To identify that risk and to investigate whether your organization is susceptible to the consequences of the USB dropping technique that cybercriminals use, you can have a USB drop performed at your office during the mystery guest visit or separately.

USB drop: A new and dangerous cyber threat
USB dropping is a new and dangerous cyber threat that is becoming increasingly popular. A cybercriminal inserts a USB stick into an unsuspecting victim’s computer and then leaves the room before launching the malware. Once the USB drive is inserted into the victim’s computer, malicious files are automatically downloaded onto the device without any user interaction. The cybercriminals are not even present when this happens because they want to be able to get away quickly in case they are caught in the act and do not want to be arrested or charged. These types of attacks have become an epidemic as hackers continue to refine their methods and find new ways to exploit unsuspecting victims who may not be aware of all the dangers lurking on the Internet today.
What is the purpose of our USB drop action?
Our USB dropping action simulates an authentic USB dropping attack to provide insight for your organization on how it is reacted to and the possible consequences of a successful attack. It provides a great starting point to increase employee resilience and raise awareness levels. During our visit, we hide a USB stick in a public space to entice users to plug it into their computers. In this way, employee behavior is measured against a realistic scenario. In a real attack, the malicious USB drive contains malware that infects the computer when connected.
A USB drop action involves answering the following research questions:
- Are employees informed and aware of the dangers of a USB flash drive?
- Do employees know the rules about, of, for using USB sticks?
- What happens if an employee finds a keychain with a USB stick attached, will it be inserted into the computer?
- Are any employees putting the USB stick in the computer?
Become resilient against the most common technique used by cybercriminals
Become resilient against the most common technique used by cybercriminals