Okay so I am doing this Google cert, because it's getting so much traction around. Anyway, I am doing the profile activity (assuming it's okay to post this part, due to it being a shareable profile activity). And we have this mess, from the activity of a parking lot bait USB. I’ll just repost what I told them on the feedback forum for the cert.
“This is bad Google, this is very bad….
“Promoting employee awareness about these types of attacks and what to do when a suspicious USB drive is a managerial control that can reduce the risk of a negative incident.
Setting up routine antivirus scans is an operational control that can be implemented. Another line of defense could be a technical control, like disabling AutoPlay on company PCs that will prevent a computer from automatically executing malicious code when a USB drive is plugged in.”
The first (non-bold area) is fine, the bold area is laughable. Rubber Duckys exist, BadUSB says hello. Running AV scans and disabling AutoPlay is not going to do anything when that USB you plugged in is running commands as it's seen as an HID. How was this missed? Truly? Who wrote this exemplar?
The correct answer is the non-bold, leave it there; adding the second part makes this inaccurate, especially when the entire idea is what if this was a bait drive. A bait drive is more than likely going to be a BadUSB, or a Ducky, and disabling AutoPlay and running scans isn't going to prevent that.
Also the section prior, mentioning opening this USB in a VM, has the same issue. Opening this in a VM does not protect from a Ducky/BadUSB. Want to open it in an off-network Linux box, cool; putting it on a domain computer AT ALL is an issue.”
Am I the crazy one here? Apparently Google doesn't know about Duckys. IMO, first sentence FULL STOP. Don't plug things in that you don't know where they came from, WE'RE DONE lol. Or anyone disagree?
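
Added example, not part of the original post: a small Python parser for USB configuration descriptors that shows what a host sees at enumeration, where a device declares itself a keyboard (HID) or a drive (mass storage) before any file system exists for AutoPlay or an AV scan to act on. Both sample descriptors are constructed for illustration, and the function names are hypothetical.

```python
import struct

HID, MASS_STORAGE = 0x03, 0x08   # USB-IF interface class codes
KEYBOARD = 0x01                   # HID bInterfaceProtocol value for a keyboard

# Constructed sample configuration descriptors (not captured from real devices).
FLASH_DRIVE = bytes.fromhex(
    "090220000101008032"                 # configuration, wTotalLength = 32
    "090400000208065000"                 # interface: mass storage, SCSI, bulk-only
    "07058102000200" "07050202000200")   # bulk IN and bulk OUT endpoints
BAIT_DEVICE = bytes.fromhex(
    "090222000101008032"                 # configuration, wTotalLength = 34
    "090400000103010100"                 # interface: HID, boot subclass, keyboard
    "092111010001223f00"                 # HID class descriptor
    "0705810308000a")                    # interrupt IN endpoint

def parse_interfaces(config: bytes):
    """Return (class, subclass, protocol) for each interface descriptor."""
    if len(config) < 9 or config[1] != 0x02:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]
    if total > len(config):
        raise ValueError("truncated descriptor")
    interfaces, off = [], 0
    while off + 2 <= total:
        length, dtype = config[off], config[off + 1]
        if length < 2 or off + length > total:
            raise ValueError("malformed descriptor length")
        if dtype == 0x04 and length >= 9:        # interface descriptor
            interfaces.append(tuple(config[off + 5:off + 8]))
        off += length
    return interfaces

def classify(config: bytes) -> str:
    """Label a device by what its interfaces claim to be."""
    ifaces = parse_interfaces(config)
    keyboard = any(c == HID and p == KEYBOARD for c, _, p in ifaces)
    storage = any(c == MASS_STORAGE for c, _, _ in ifaces)
    if keyboard and storage:
        return "composite: storage + keyboard"
    return "keyboard" if keyboard else "storage" if storage else "other"

if __name__ == "__main__":
    for name, blob in (("flash drive", FLASH_DRIVE), ("bait device", BAIT_DEVICE)):
        print(f"{name}: {classify(blob)}")
```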