Hacking with malicious USB drives or malicious QR codes? The most effective way to break in. 🥷🏻💾𝄃𝄃𝄂𝄂𝄀𝄁𝄃𝄂𝄂𝄃🧱🏆

Security researchers Johannes Nordskov, Tyge Tiessen, and Emmanouil Vasilomanolakis present their practical investigation into how effective two social engineering attack techniques are today:

1️⃣ USB dropping attacks (leaving infected USB drives in public places)

2️⃣ Malicious QR code attacks (placing posters with QR codes that lead to attacker-controlled websites)

Targets:

🎯 Two governmental agencies

🎯 An NGO (Action Aid)

🎯 A large university (Technical University of Denmark - DTU)

What was done:

💥 235 USB drives were dropped

💥 110 QR code posters were placed

Can you guess the key finding? QR codes are by far more effective nowadays! A 680.91% QR code scan rate versus an 8.51% USB activation rate. Especially if you place the QR code in the cafeteria!

Super interesting and very practical findings for the security of pretty much every organization out there. Enjoy the read, share it with your CISO, and please stay safe!

More details:

Is this your USB? No, but check this QR code for a free meal! Assessing awareness against dropped USBs and malicious QR codes [PDF]: https://backend.orbit.dtu.dk/ws/portalfiles/portal/398565347/WACCO_2025_USB_4_.pdf

Subscribe now