VERY IMPORTANT

We often talk about attackers targeting companies with social engineering attacks. These usually take the form of phishing attacks that attempt to trick the recipient into opening a malicious attachment or clicking on a malicious link. Less discussed are targeted attacks using physical media. Penetration Testers that perform physical "pentests" are well versed in dropping "malicious" USB sticks in a target's parking lot or waiting room. More complex are so-called "Rubber Ducky" (https://github.com/hak5darren/USB-Rubber-Ducky/wiki) attacks, where what looks like a USB stick is actually, in effect, a malicious USB keyboard preloaded with keystrokes. Those types of attacks are typically so explicitly targeted that it's rare to find them coming from actual attackers in the wild. Rare, but still out there.