Don’t Touch that USB Drive – You Don’t Know Where It’s Been!
An associate was the controller of an east coast defense contractor. She told me us story about a security breach they had – it’s an interesting story because we’ve heard many variations of this same breach through the years. Tags: cyber security , cyber defense , security breach , security story ,
The company’s HR department wanted to hand out swag at an upcoming recruiting event. They decided to have USB drives printed with their logo on the side and they put their employment application and benefits files on the drives, which they handed out at the event.
Unfortunately they did this without taking the proper precautions. It seems they bought the USB drives online from a firm in China. I’ll bet you know what happened next.
By the time they realized there was malware on the USB drives, they had infected several hundred systems on their network and countless systems belonging to the poor people at the recruiting event. It seems that the company had trained their technical employees about this kind of attack, but not their HR staff. A perfect, and unfortunate, example of human-based vulnerabilities in action.