USB Baiting

In order to play a phishing attack, a dice must be thrown.
This card represents a device that is being dropped at the company and that connects through wifi, cellular or that creates a remote shell back to the attacker’s server. This card requires the attacker to have installed a server in order to connect back.  In order for the attacker to be able to play this card, the attacker needs a physical access card or an insider threat card.
Chances of success of this card will increase as the hacker level up its tier.

The name of the card
Card Name: 		USB Baiting
The card type
Card Type: 		Social Engineering card type
Whether this card was meant to be played as part of another card
Single or Compound: 		Single
Whether this card must be trashed after being player or not
Play once or Constant: 		Play once
Whether a certain requirement must be met before this card can be played
Condition/Requirement to play this card: 		Attacker must have installed a web server in order to play this card.
The ATT&CK tactic this card belongs to
ATT&CK Tactic: 		Initial Access
The ATT&CK technique this card belongs to
ATT&CK Technique:
Amount of bitcoins the player needs to pay in order to play this card
Price to play the card:
The amount of bitcoins the player needs to play to retreat this card
Cost to pay to retreat the card:
Cards that will counter this card
Waekness: 		Security Awareness Training Card reduces direct the chances of success of this card. Patching and updating systems reduces indirectly the chances of success of this card.
How rare this card is
Rarity: 		Low

Leave a Reply

Your email address will not be published. Required fields are marked *