A warning has been made about US businesses receiving “bad” USB memory sticks in the post. Although not a new form of attack, what is new is that the USB sticks may contain mass ransomware malware.
If you receive items in the post, be especially wary of USB memory sticks – if the stick is unexpected, it comes from a sender you haven’t received anything from before, or if there are other reasons to suspect it, pass it along to IS for inspection.
That’s a genuine “bad USB” stick from my collection of tools; real “bad USB” sticks won’t be quite as obvious.
Whilst a USB memory stick is just a memory stick, an attacker can build (or buy) something that looks like a memory stick but can be programmed to act as almost any kind of USB device – a keyboard, a mouse, or something else.
A keyboard is quite common because an attacker can insert fake keystrokes that will install malware and then take over full control of the system you are using.