A word to the wise: If strange Ever present to you randomly USB stick as a gift, the best No Take it.
On Thursday, the FBI warned that a hacker group is using the US Postal Service to send USB drives laden with malware to companies in the defense, transportation and insurance industries. Criminals hope employees are naive enough to stick them into their computers, thus creating an opportunity for ransomware attacks or spreading other malware, register reports.
The hackers behind this misbehavior – a group called FIN7 – have gone to great lengths to make their packages look harmless. In some cases, the packages have been worn as if they were sent by the US Department of Health and Human Services, with notes showing that the drives contain important information about COVID-19 guidelines. In other cases, it was delivered as if it had been sent via Amazon, along with “a decorative gift box containing a fraudulent thank you letter, a fake gift card, and a USB,” according to the FBI warning.
This micro-scheme appears to have been going on for at least several months – the FBI says it originally started receiving reports of such activity since last August.
The culprit, FIN7, is a remarkably sophisticated cybercriminal group, which has been reported throughout its career More than 1 billion dollars were stolen Via various financial hacking schemes. In the past, it has also been linked to prominent ransomware families – such as DarkSide and BlackMatter – and last September, security researchers This has been reported FIN7 faced the problem of setting up a fake cybersecurity company in order to recruit IT talent for its criminal operations. Suffice to say, it is innovative.
While it might seem silly for anyone to plug a random USB drive into their computer, studies They have shown, in fact, that this is exactly what many people do when faced with the opportunity. so popular The “drop” trick, where a malicious drive is left in the company’s parking lot in the hopes that the company’s weakest link will pick it up and, out of curiosity, plug it into their laptop. In fact, if you believe in one Senior Defense OfficerThe disastrous worm-fueled attack on the Pentagon in 2008 was launched in exactly this way.
Hackers have also tried to use USB as a vector for ransomware attacks before. last september, Reported These gangs were getting close to employees of certain companies and trying to bribe them to unleash ransomware on their company’s servers via sticks secured by hackers.
This is all a roundabout way of saying a few basic things: don’t accept gifts from strangers, avoid bribes, and if you don’t know where your USB came from, it’s best to leave it alone.