We couldn’t be more excited to announce that we are launching a new Hoxhunt Challenge called ‘Unknown Devices’ soon.
Why did we choose ‘Unknown Devices’ as the topic of the new Hoxhunt Challenge?
What would you do if you found a Universal Serial Bus (USB) stick? Would you plug it into your computer? Would anyone you know plug it in, in order to find the owner? Would your employees plug an unknown device into the company computer?
If you answered yes, you and your systems are in danger.
The ‘Unknown Devices’ challenge places you, the player, in the trainer’s seat. Your task is to guide Bob, your imaginary friend, to do the right thing with the USB stick he has just found. Bob has some tricky questions, so it might not be the easiest job to convince him to do the right thing and take the secure path.
Social engineers use USB drop attacks to spread malware
We’ve seen many times how plugging in an innocent-looking USB stick can be at the center of serious cyber attacks.
Cybercriminals have been using so-called USB drop attacks to spread malware. They are using simple psychology: Most people would pick up a thumb drive and plug it into a computer with the hope of finding the owner and returning the drive. It’s a simple social engineering technique, and sadly, it works.
Attacks against the French Navy or the City of Manchester started with USB sticks. US military forces were also hit with an attack when someone plugged a malicious USB into a laptop in the Middle East. Also, the infamous Stuxnet was utilizing USB-dropping to spread malware around offices.
A memorable way to teach people not to plug in unknown devices
The ‘Unknown Devices’ challenge is super simple yet memorable: You need to teach Bob what to do and what not to do when he suddenly finds a USB device. Bob is ready to do his detective work to return it to the owner, possibly. In the game, you will advise Bob through chat on what to do.
Sometimes, employees may feel hesitant about asking the security department when they are unsure about what they should do. Turning to a friend could feel like a more natural thing to do.
Depending on how well you advise Bob, by the end of the game, he can become:
- Bob, the Superhero, or
- Bob, the Reliable, or
- Bob, the Hazard
Don’t worry if you don’t do the best the first time; you can always start it from the beginning. J
What will you learn playing the Unknown Devices Hoxhunt Challenge?
- Never plug in unknown devices. A USB flash drive could carry dangerous malware.
- If you plug in a device that carries malware, it will cause instant damage, and you may not even notice it. The malware can run itself automatically.
- Even the best antivirus software may not help.
- If malware is spread on your computer or systems, attackers have complete control: they can record your screen, corrupt your files, and steal your information.
- Any device can carry malware, not just USB sticks. If you are not sure about its origin, leave it alone.
- Always follow your company’s guidelines on security. If you find an unknown device, you should report it to your security team. Do not leave it lying around because someone else may take it.
Are you a Hoxhunt user and ready to complete the challenge?
You can go ahead and play the game! Sign in to your Hoxhunt dashboard and find the challenge under the ‘Challenges’ section.
It will only take about five minutes to complete the game and learn what to do with unknown devices.
How do you communicate the ‘Unknown Devices’ Hoxhunt Challenge to your employees?
We suggest that you communicate the challenge to your employees in a way that best fits your cybersecurity culture.
You could communicate about the new challenge in an email. In this case, communicate the following:
- What is the challenge?
The challenge will prepare you for what to do when you find a device of unknown origin, such as a USB stick.
- Why is this important?
USB thumb drives could carry malicious software that could spread quickly if plugged into a computer, meaning someone could record your screen or steal your information.
The challenge will prepare you for what to do if you find yourself in a situation like this.
- How long will it take to complete?
It will take only 5 minutes of your time from start to finish. You can always return and play the game again to refresh your memory.
- Where can they find it?
Log into Hoxhunt and find it under ‘Challenges’.
We also created a promotional poster for you that you can use for your internal communication. You can find it in the Hoxhunt Knowledge Base.
Do you need help with your communication? As a Hoxhunt admin, you can always reach out to your dedicated customer success manager, who will be happy to help you.
Not a Hoxhunt user, but you’d be interested in learning more?
It’d be thrilling to show you the Hoxhunt security engagement training and our challenges. Request a demo now, and we will be in touch to set up a time.