USB Attack Simulation

What it is...

The USB Awareness Simulation tool is designed to help organisations identify and mitigate one of the most overlooked insider threats - plugging in untrusted USB devices. It simulates real-world USB drop attacks in a controlled, safe way, giving security teams visibility into employee behaviour and helping raise awareness about the associated risks.

How it works...

  • Create a New Simulation

    • Go to the platform and click Create New.

    • Enter a Simulation Name and Description.

      Tip: Include where you plan to leave the USB, e.g. “Reception – Visitor Area”.

  • Choose File Type

    • Select the type of file you want to simulate: Word or Excel.

  • Name the File

    • Give the file a name that might entice someone to open it, e.g. “Salary_Increase_2025.xlsx” or “Staff_Bonuses.docx”.

  • Save & Download

    • Click Save & Download Simulation.

  • Prepare the USB

    • Save the downloaded file onto a USB stick.

  • Deploy the USB

    • Drop the USB in a staff-accessible area where you want to test user behaviour, e.g. a shared workspace, kitchen or reception area.

  • User Interaction & Training

    • If someone opens the file, they will be immediately presented with training to reinforce secure behaviour.

  • View Results

    • Go back to the platform and click the 'View Report' option next to your simulation.

    • The report will show:

      • Number of interactions

      • IP addresses

      • Device types used to open the file

Why it matters...

  • Proactive Defence: Identify if employees are vulnerable to USB-based social engineering attacks before real threats occur.

  • Awareness Building: Make the dangers of plugging in untrusted USBs tangible and memorable.

  • Improved Security Posture: Reduce risk from a common attack vector not typically addressed by standard phishing simulations.

Key Benefits

  • Increased Awareness: Employees experience firsthand why unknown USB drives can be dangerous.

  • Targeted Training: Focus your cyber security education where it’s needed most - on those who interacted with the USB.

  • Reduced Incidents: Real-world simulations translate to improved caution and fewer breaches.

Back to all articles