We couldn’t be more excited to announce that we are launching a new Hoxhunt Challenge called ‘Unknown Devices' soon.
What would you do if you found a Universal Serial Bus (USB) stick? Would you plug it into your computer? Would anyone you know plug it in, in order to find the owner? Would your employees plug an unknown device into the company computer?If you answered yes, you and your systems are in danger.
The ‘Unknown Devices’ challenge places you, the player, in the trainer’s seat. Your task is to guide Bob, your imaginary friend, to do the right thing with the USB stick he has just found. Bob has some tricky questions, so it might not be the easiest job to convince him to do the right thing and take the secure path.
We’ve seen many times how plugging in an innocent-looking USB stick can be at the center of serious cyber attacks.
Cybercriminals have been using so-called USB drop attacks to spread malware. They are using simple psychology: Most people would pick up a thumb drive and plug it into a computer with the hope of finding the owner and returning the drive. It’s a simple social engineering technique, and sadly, it works.
Attacks against the French Navy or the City of Manchester started with USB sticks. US military forces were also hit with an attack when someone plugged a malicious USB into a laptop in the Middle East. Also, the infamous Stuxnet was utilizing USB-dropping to spread malware around offices.
The ‘Unknown Devices’ challenge is super simple yet memorable: You need to teach Bob what to do and what not to do when he suddenly finds a USB device. Bob is ready to do his detective work to return it to the owner, possibly. In the game, you will advise Bob through chat on what to do.
Sometimes, employees may feel hesitant about asking the security department when they are unsure about what they should do. Turning to a friend could feel like a more natural thing to do.Depending on how well you advise Bob, by the end of the game, he can become:
Don’t worry if you don’t do the best the first time; you can always start it from the beginning.
You can go ahead and play the game! Sign in to your Hoxhunt dashboard and find the challenge under the ‘Challenges’ section.It will only take about five minutes to complete the game and learn what to do with unknown devices.
We suggest that you communicate the challenge to your employees in a way that best fits your cybersecurity culture.You could communicate about the new challenge in an email. In this case, communicate the following:
The challenge will prepare you for what to do when you find a device of unknown origin, such as a USB stick.
USB thumb drives could carry malicious software that could spread quickly if plugged into a computer, meaning someone could record your screen or steal your information.The challenge will prepare you for what to do if you find yourself in a situation like this.
It will take only 5 minutes of your time from start to finish. You can always return and play the game again to refresh your memory.
Log into Hoxhunt and find it under 'Challenges'.We also created a promotional poster for you that you can use for your internal communication. You can find it in the Hoxhunt Knowledge Base.
Do you need help with your communication? As a Hoxhunt admin, you can always reach out to your dedicated customer success manager, who will be happy to help you.
It’d be thrilling to show you the Hoxhunt security engagement training and our challenges. Request a demo now, and we will be in touch to set up a time.