In this activity, I assessed the attack vectors of a USB drive found in a parking lot. I examined it in a sandboxed virtual environment to avoid exposing our network to any potential malware. This helped me evaluate the risks and necessary controls for handling unknown media.
I discovered a USB stick branded with the hospital’s logo on the ground and brought it back to an isolated workstation. Using virtualization, I mounted the drive safely and saw folders belonging to Jorge Bailey—both personal photos and hospital documents. I needed to determine what information was present and how an attacker might exploit it.
| Section | My Response |
|---|---|
| Contents | I found personal folders like “Family photos” and “Our dog pics” alongside work files such as shift schedules and budget spreadsheets. The mix of personal and professional data suggests potential exposure of PII and confidential hospital information. Keeping these together increases the risk of unintentionally sharing sensitive data. |
| Attacker mindset | An attacker could use the personal photos as social engineering bait to trick Jorge into plugging the drive into a live system. They might hide malicious scripts inside benign-looking documents to establish a foothold and move laterally through the network. The attacker could then leverage hospital documents for targeted phishing or deeper intrusion. |
| Risk analysis | To mitigate these threats, I recommend always scanning removable media in a sandbox before any further handling. Disabling AutoPlay on endpoints and enforcing endpoint security policies will prevent unintentional code execution. Managerial controls like regular USB-hygiene training can raise awareness of baiting attacks. Finally, segmenting the network and restricting USB ports to authorized devices will further reduce exposure. |
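The AutoPlay disablement and USB restriction proposed in the risk analysis can be audited and enforced on a Windows endpoint with the script below. This is an added example, not part of the original activity; it assumes Windows workstations and local administrator rights, and it writes the same registry values that the corresponding Group Policy settings set (in a domain, delivering them via GPO is preferable).

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enforce AutoPlay/AutoRun and removable-disk execution
# controls. Assumes local admin rights; values mirror the Group Policy settings.

$ExplorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$AutoplayUser   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
$StoragePolicy  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
# Device setup class GUID used by the "Removable Disks" policy (USB mass storage)
$RemovableDisks = Join-Path $StoragePolicy '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

# Desired state:
#  NoDriveTypeAutoRun = 0xFF  -> AutoRun disabled for every drive type (machine-wide)
#  DisableAutoplay    = 1     -> AutoPlay prompts off for the current user
#  Deny_Execute       = 1     -> no executing files directly from removable disks;
#                                reads stay allowed so a sandbox host can still mount one
$Desired = @(
    @{ Path = $ExplorerPolicy; Name = 'NoDriveTypeAutoRun'; Value = 0xFF },
    @{ Path = $AutoplayUser;   Name = 'DisableAutoplay';    Value = 1 },
    @{ Path = $RemovableDisks; Name = 'Deny_Execute';       Value = 1 }
)

function Get-UsbHardeningState {
    foreach ($s in $Desired) {
        $current = (Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue).($s.Name)
        $shown = '(not set)'
        if ($null -ne $current) { $shown = $current }
        [pscustomobject]@{
            Setting   = $s.Name
            Current   = $shown
            Expected  = $s.Value
            Compliant = ($current -eq $s.Value)
        }
    }
}

function Set-UsbHardening {
    foreach ($s in $Desired) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
    }
}

# Audit first; apply the hardening only if something is non-compliant, then re-audit.
Get-UsbHardeningState | Format-Table -AutoSize
if (Get-UsbHardeningState | Where-Object { -not $_.Compliant }) {
    Set-UsbHardening
    Get-UsbHardeningState | Format-Table -AutoSize
}
```

Run it on the isolated analysis workstation before mounting unknown media, and on production endpoints as a compliance check.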
Through this exercise, I identified the types of data on the drive, anticipated attacker tactics, and proposed layered controls—technical, operational, and managerial—to mitigate USB baiting risks. Implementing sandboxing, AutoPlay disablement, training, and network restrictions will significantly strengthen our defenses against unknown USB devices.