2022-10-20 10:54Blog post

Curiosity killed the cat

A white backbround and a red and yellow apple with a black USB memory stick sticking out of it.Ever heard of "Road Apples"?

Ever heard of "Road Apples"? And no - we're not relating to a piece of horse droppings at the side of a road. These "apples" are far more dangerous.

The sad truth about security

Security is only as strong as its weakest link. Unfortunately, most of the time, people are the weakest link. You may have spent a fortune on hight-tech security, state of the art firewalls, complex remote access frameworks and access passes to even enter the building. But be honest - do You know what a Road Apple is, and what kind of threat it poses? And more importantly, do your employees know?

A game of trust and fear 

Let's cover the basics first. Social Engineering in general manipulates people into sharing sensitive data, like logins and payment information. This is done by tricking the target into handing over information, usually done by posing as someone trustworthy: a colleague, a janitor or a governmental/authority person. By playing emotions like fear and trust they exploit human error to deceive their victims, and thus gaining access to valuable and sensitive information.

A younger man with a full beard stands with a orange building helmet in his hand, wearing carpender pants.

They might call you on the phone posing as a representative from your bank, they may send you an email claiming to be a colleague from another office abroad, or they may even knock on your door saying they are there to fix the ventilation. A well-planned social engineering attack can totally wreck an organization. 

Road Apples - the modern Trojan Horse

A more "creative" type of social engineering attack, based on human curiosity, are Road Apples - a social engineering attack based on a Trojan Horse type of attack. In a typical Road Apple attack, a cyber criminal takes a device - for instance a USB memory stick - and taints it with malware. They then present the tainted USB memory stick (in this case) to the public, and waits for someone to take the bait. 

A USB  memory stick inside a clear glass bottle on a pebble beach.

Usually some worker in the targeted organization will see the USB memory stick (or Road Apple) on the ground, table or floor where it was left. Then curiosity to investigate the content of the USB memory stick, and perhaps return it to its rightful owner, makes the worker carry the tainted device into the office and insert it into his/hers computer, executing the malware either by tapping on it or having it automatically executed. Straight through all your fancy security solutions!

The weakest link

Your security might look solid, but if the people are not aware and educated regarding the types of attacks used, it is all pointless. Stay well educated, stay alert, and take care out there!

About ProVide Server

ProVide Server combines a user-friendly web interface for user collaboration with powerful SFTP, FTPS and TFTP services. It allows all of your file transfers take place on your own private cloud, completely secure from the outside world.