Cyber Alert: Never Trust a Thumb Drive addresses the recent scams and offers GBS cybersecurity best practices relating to thumb drive usage.
Content and video courtesy of GBS cybersecurity partner, Arctic Wolf.
GBS Recommendation: Never Use a Thumb Drive That Has Not Been Verified
SCAM NEWS: The FBI recently reported that a thumb drive scam has succeeded in infecting several networks, which has led to terrible consequences for the infected organizations.
Thumb Drive Scam – First Targets
This scam has targeted key transportation and defense industry companies.
Anatomy of Two Scams
Two recent scams use professional-looking packages and exploit personal fears to deceive their recipients. The packages contain a believable message along with a thumb drive that carries dangerous ransomware. Once the ransomware-infected thumb drive is inserted, it executes harmful code.
Never Trust A Thumb Drive – SCAM 1. The US Dept. of Health & Human Services Impersonation
The US Dept. of Health and Human Services is being impersonated. The malicious campaign sends packages that contain threatening messages about COVID-19. The campaign preys upon fear created by the pandemic. The scam tricks recipients into opening and executing the contents as instructed.
Never Trust A Thumb Drive – SCAM 2. Amazon Package
In this scam, cybercriminals prey on our willingness to accept gifts and the pleasure we take in them, which opens an opportunity for exploitation. The packages appear to come from Amazon and contain fraudulent gift cards, a ‘Thank You’ note and the malicious thumb drive.
Are Victims to Blame?
Absolutely not. Your employees are not to blame. The key is proper, consistent training and education for employees. Cybersecurity training will help prevent employees from being manipulated.
Education and Training Cadence Are Keys
Educate and train your employees with a cadence that meets your needs and helps ensure top-of-mind awareness across your entire staff, especially senior executives.
According to the Ebbinghaus Forgetting Curve, 80% of what people learn is forgotten one month later. Accordingly, we recommend short, consistent cybersecurity re-education activities once (1x) per month. This cadence provides the lessons needed to keep employees vigilant in helping keep your company’s data, reputation and profitability protected from cybercriminals.
Security Training Actions – Easily Implemented
- Commit to keeping your employees informed and trained on current threats, how to recognize them, and what to do to keep themselves and their organizations safe.
- Harden your environment. You will want to examine your networks and devices to ensure they are secure and ready to reduce cyber risk.
Long-term Security Recommendations
- Create a Security roadmap that sets goals for consistent cybersecurity vigilance for the entire organization.
- Partner with peers, vendors, and experts to ensure you have trusted support and knowledge leadership to help you win the war against cybercriminals.