|
Malicious USB drives provide an effective way to get direct access to computers inside a corporate network. Attackers may directly plug in the malicious USB devices into a computer in a public area (such as a doctor's office, bank, retail) or leave the USB drive in a public place (e.g. lobby, conference room, cafeteria) with the anticipation that an employee will plug in the device. |
These types of attacks may also involve social engineering, where an attacker may pretend to be IT support personnel, contractor or an executive in order to gain some level of trust from the recipient and convince them that the device is harmless and can be trusted.
|
As is the case with social engineering, it's important that users are aware of these risks that allowing the attachment of USB devices is only allowed when necessary. At a minimum, usage of USB storage devices should be audited with Windows. |
EventSentry Benefits |
||
Storage Audit Verifies that storage auditing in Windows is enabled on all endpoints, real-time event log monitoring stores and alerts on Windows audit events. |
||
|
||
USB Storage Inventory Attaching and removing USB devices is detected and alert on, (USB) storage devices are visible in the web-based reporting. |
||
