You are a speaker at an international conference, and your talk is a great success. Afterward, several attendees ask for a copy so they can share it with their teams. One of the attendees gives you a USB drive, and you copy the presentation from your laptop to the USB drive.
This is how a healthcare institution in Europe got infected by Camaro Dragon, a Chinese-based espionage threat actor. Camaro Dragon wasn’t initially interested in the European group. They were after the Asian group where the person with the USB drive worked. Tuns out their computer had unknowingly been compromised with a virus which had USB-propagating capabilities.
Once the USB drive was plugged in, the virus transferred to the speaker’s computer. Then, when the speaker got back to the office and connected the laptop to the office network, the infection spread.
Takeaways:
Don’t plug USB drives into your computer from 3rd parties. Be that a colleague at a conference or one a vendor gives away at their booth.
If someone wants a copy of your presentation, email it to them.
Source: Checkpoint
Would you like a free, no-obligation Cybersecurity Benchmarking of your organization showing where you stand vs. industry-accepted practices? Click here to schedule a time with one of our associates.