Hackers leave infected USB drives in parking lots.
It’s called USB baiting.
The attack works like this:
A threat actor drops 5 or 10 USB drives in a parking lot, lobby, or bathroom near a target company. Sometimes labeled “Layoff List” or “Top Secret,” sometimes no label at all. Just a drive on the ground.
Someone picks it up. Takes it inside. Plugs it in.
The drive auto-runs. It installs a keylogger, backdoor, or ransomware loader. The attacker is now inside the network.
How well does it work?
IBM ran a test. Dropped 200 USBs across various locations. 98% were picked up. Of those, 45% were plugged in within minutes.
Almost half within minutes.
The most famous real-world example: Stuxnet, the malware that physically destroyed Iran’s nuclear centrifuges. It got inside an air-gapped facility via a USB drive dropped in a parking lot.
Never plug in a USB you didn’t buy yourself. Ever. Regardless of where you found it. Regardless of what it says on the label.
If you found one, hand it to IT. Don’t plug it in just to see what’s on it.