Tue. Jan 18th, 2022


Hackers have been sending malware-laden USB sticks disguised as gifts to US companies

Pictures: Christian Ohede / McPhoto / Wolstein Image (Getty Images)

Friendly USB sticks are a vector for distributing old malware just like the internet and apparently, they are still very popular with criminals.

On Thursday, the FBI warned that a hacker group was using U.S. Mail to send malware-loaded USB drives to companies in the defense, transportation and insurance industries. Criminals expect employees to be innocent enough to keep them stuck on their computers, thus creating opportunities for ransomware attacks or other malicious software installation, Record Report

The hacker group behind this bad behavior – a group called FIN7 – has worked hard to make their parcels look innocent. In some cases, the packages were arranged as if they were sent by the U.S. Department of Health and Human Services, with notes explaining that the drives contained important information about the COVID-19 guidelines. In other cases, according to FBI warnings, they were distributed as if they were shipped via Amazon, along with a “fraudulent thank-you note, fake gift card and a decorative gift box containing a USB”.

This small scheme seems to have been going on for at least a few months যেমন as the FBI says it originally began receiving reports of such activity last August.

Criminals, FIN7, a notoriously sophisticated cybercriminal group that has been reported throughout his career. More than 1 1 billion has been stolen Through various financial hacking schemes. In the past, it has been linked to prominent ransomware families, such as Darkside and Blackmatter, and last September, security researchers That report FIN7 got into trouble for creating a fake cyber security company to hire IT talent for its criminal activities. Suffice it to say, they are innovative.

While it may seem ridiculous that someone would plug a random USB stick into their computer, Study Shows that, in fact, a lot of people do exactly that when faced with an opportunity. Thus popularity “Drop” strategy, So that a contaminated drive is left in a company’s parking lot in the hope that the firm’s weakest link will pick it up and, curiously, plug it into their laptop. In fact, if you believe one Senior Defense OfficerThus began a catastrophic, worm-fueled attack on the Pentagon in 2008.

Hackers have previously tried to use USB as a vector for ransomware attacks. Last September, It is reported Gangs that approached certain company employees and tried to bribe them to publish ransomware on their company’s servers with sticks protected by hackers.

Here’s a roundabout way of saying the basics: Don’t take gifts from strangers, avoid bribes and, if you don’t know where the USB stick came from, leave it alone.



Source link

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *