And recently, this method (again?) Was used for the real attack. The Dutch press reported that members of the local division of chemical company DSM began to find a USB-flash in the office parking lot - they lay on the ground, as if lost. The study of media revealed that the flash drive contains autorun file and malicious software, which should be removed from the working machine the user name and password - and send this information to a remote server.
In this case, by a strange coincidence, none of the staff did not put the flash drive into a working computer, although this behavior is to be expected for many users. The fact that criminals have resorted to this method of attack is already talking about its potential danger. Indeed, it is much easier and cheaper than trying to penetrate the corporate network via the Internet.
Drop an infected flash drive - not such a new idea. It is possible that the attackers used this tactic many years ago, just the news did not reach the media. Computer security experts Bruce Schneier says that the case of the DSM - the first time when he hears of such an attack .
Instead, you can use flash drives and other USB-devices infected with malicious software, which will cause the least suspicion of the IT-services: for example, keyboard or mouse .
Source: hak-club