InfoSec Blog - Woohoo! Free USB Drive!
September 13, 2019
What would you do if you found a USB drive in the parking lot? While you may be tempted to plug it into your computer in hopes of finding the owner, doing so puts your computer, your data, and the University network at risk.
'USB Drops' are a common social engineering method used to install malware, steal information, and to gain unauthorized access. Here's how it works - the bad guys simply leave USB drives on the ground in a parking lot or outside of a building in hopes that someone will pick it up and plug it into their computer. Once inserted it is programmed to automatically execute a malicious payload.
As it turns out, this tactic is incredibly effective. In one exercise conducted by Google’s anti-abuse research team on a University campus, the team dropped 300 USB drives around campus and found that 98% of the drives were picked up and for 45% of the drives, someone plugged the drive into a computer and clicked on files.
What Should I Do If I Find a Lost USB Drive on Campus?
- Never insert an unknown USB drive into your computer;
- Contact Campus Community Police; or
- Contact Information Security (x.58006 or email email@example.com) to safely check the contents of the drive and find the owner.
If you suspect that your machine has had an unknown USB drive inserted, take the following steps:
- Disconnect the computer from the campus network immediately by unplugging it and/or disabling wireless connectivity;
- Run an anti-malware scan; and
- Contact the CCS Help Centre at Ext. 58888 or IThelp@uoguelph.ca
Other Ways to Protect Yourself
- Always run anti-malware software on all of your devices and keep the software updated. McAfee VirusScan is available at no charge to all students, staff, and faculty. More information is available on the CCS Software Distribution Site.
- Disable Autorun on your machine. Autorun is a Microsoft Windows feature that automatically runs the startup program when a CD, DVD, or USB device is inserted into a drive.
Written by: Stephen Willem (Chief Information Security Officer)