BadUSB is an attack in which the firmware of a USB device is reprogrammed so that, when plugged in, the device presents itself to the host as a different device class than its casing suggests, typically a keyboard (USB HID), and then injects keystrokes that run attacker-chosen commands without any user interaction. The host trusts whatever class a peripheral declares during enumeration, so a reflashed thumb drive is accepted as a keyboard. The attack is particularly insidious because the device looks unchanged externally and because the malicious logic lives in the controller firmware rather than in a file on the storage partition, so scanning the drive finds nothing.
In an ISMS based on ISO/IEC 27001:2022, Annex A controls A.7.9 (Security of assets off-premises) and A.8.1 (User endpoint devices) address this risk, with A.7.10 (Storage media) covering the handling of removable media itself. Countermeasures include USB device control via Group Policy (Windows device installation restrictions) or endpoint security software, disabling unneeded USB device classes, allowlisting HID devices by vendor/product ID and serial number, and awareness training on handling unknown USB devices. Note that blocking only the mass storage class does not stop BadUSB, because the device enumerates as a keyboard; the policy has to constrain HID devices as well. In high-security environments, disabling USB ports entirely (in firmware or physically) or issuing charge-only adapters that sever the data lines (sold as "USB data blockers" or "USB data diodes") may be appropriate.
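The following is an added example, not code from the original page or from any product, showing the decision logic that a device-control agent, USBGuard, or a Windows device installation restriction policy enforces: block disabled classes, block the composite storage-plus-HID shape of a BadUSB drive, and allow HID only for registered devices. The vendor/product IDs, serials, and enumeration records are constructed for the demonstration.

```python
"""Added example (not from the original article): a minimal USB device policy
check of the kind an endpoint agent, USBGuard, or a Windows device-installation
restriction enforces. All device records and IDs below are constructed."""
from dataclasses import dataclass

# USB interface class codes (USB-IF class code table).
HID = 0x03            # Human Interface Device: keyboards, mice
MASS_STORAGE = 0x08   # flash drives, external disks


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    serial: str
    # (class, subclass, protocol) for each interface the device advertises
    interfaces: tuple


@dataclass(frozen=True)
class Policy:
    # HID devices the organisation has registered: (vid, pid, serial); "*" = any serial
    allowed_hid: frozenset
    # interface classes disabled outright (empty = every non-HID class is allowed)
    blocked_classes: frozenset


def evaluate(device: UsbDevice, policy: Policy) -> tuple:
    """Decide whether a freshly enumerated device may be attached.

    Returns ("allow" | "block", reason). Order matters: class blocks first,
    then the storage+HID composite typical of BadUSB drives, then an
    allowlist for anything that can type."""
    classes = {cls for cls, _, _ in device.interfaces}

    blocked = classes & policy.blocked_classes
    if blocked:
        return "block", "disabled interface class 0x%02x" % min(blocked)

    if HID in classes and MASS_STORAGE in classes:
        return "block", "storage device that also advertises HID (BadUSB pattern)"

    if HID in classes:
        ident = f"{device.vid:04x}:{device.pid:04x}"
        for vid, pid, serial in policy.allowed_hid:
            if (vid, pid) == (device.vid, device.pid) and serial in ("*", device.serial):
                return "allow", f"registered HID device {ident}"
        return "block", f"unregistered HID device {ident}"

    return "allow", "no HID interface"


# Constructed policy: one registered keyboard model (any serial) and one specific mouse.
CORPORATE_POLICY = Policy(
    allowed_hid=frozenset({(0x1234, 0x0001, "*"), (0x1234, 0x0002, "MS-77A1")}),
    blocked_classes=frozenset(),          # storage still permitted on this tier
)
# Stricter tier: same keyboards, but mass storage is disabled entirely.
HIGH_SECURITY_POLICY = Policy(
    allowed_hid=CORPORATE_POLICY.allowed_hid,
    blocked_classes=frozenset({MASS_STORAGE}),
)

# Constructed enumeration records (hypothetical vendor/product IDs).
SAMPLE_DEVICES = {
    "issued keyboard": UsbDevice(0x1234, 0x0001, "KB-0042", ((HID, 1, 1),)),
    "plain flash drive": UsbDevice(0x5678, 0x0100, "FD-1", ((MASS_STORAGE, 6, 0x50),)),
    "badusb drive": UsbDevice(0x5678, 0x0100, "FD-2", ((MASS_STORAGE, 6, 0x50), (HID, 1, 1))),
    "keystroke injector": UsbDevice(0xABCD, 0x0009, "", ((HID, 1, 1),)),
}


def audit(devices: dict, policy: Policy) -> dict:
    """Evaluate every device; returns {label: "allow" | "block"}."""
    return {label: evaluate(dev, policy)[0] for label, dev in devices.items()}


if __name__ == "__main__":
    for label, dev in SAMPLE_DEVICES.items():
        decision, reason = evaluate(dev, CORPORATE_POLICY)
        print(f"{label:20s} -> {decision:5s} ({reason})")
```

One caveat a practitioner should keep in mind: vendor ID, product ID and serial number live in exactly the firmware the attacker controls, so a BadUSB device can clone the identity of a registered keyboard. The allowlist defeats opportunistic drops and off-the-shelf injectors, not a targeted attacker who has first read the descriptors of an issued peripheral; that residual risk is what the physical port controls and awareness measures above are for.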