What vectors made the attack via malicious USB thumb drives successful?

The success of an attack via malicious USB thumb drives is attributed primarily to the supply chain vector. This involves the process through which hardware or software is provided, either for direct use or within the delivery and storage systems of an organization. When attackers use USB thumb drives, they often insert them into environments where individuals are likely to trust the device, believing it to be legitimate, or they may physically distribute the drives in locations frequented by the target organization. This exploitation of the supply chain leads to the possibility of spreading malware or extracting sensitive information once the USB is connected to the systems.

Direct access refers to the ability to physically access a system, but it does not capture the strategic placement and distribution aspect of the malicious USB. Cloud access is not directly applicable as thumb drives are physical devices, not cloud-based. Social media might play a role in disseminating information or luring individuals into phishing schemes, but it is not relevant to the direct mechanism of how a malware-laden USB thumb drive gains entry into secure systems. Thus, the focus on supply chain highlights the vulnerabilities in how hardware can be integrated or introduced into networks, making it a critical vector for such attacks.