source link: https://www.zdnet.com/article/fbi-cybercriminals-are-mailing-out-usb-drives-that-will-install-ransomware/
Ransomware warning: Cyber criminals are mailing out USB drives that install malware
A cybercrime group has been mailing out USB thumb drives in the hope that recipients will plug them into their PCs and install ransomware on their networks, according to the FBI.
The USB drives contain so-called 'BadUSB' attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
BadUSB exploits the USB standard's versatility and allows an attacker to reprogram a USB drive to, for example, emulate a keyboard to create keystrokes and commands on a computer, install malware prior to the operating system booting, or to spoof a network card and redirect traffic.
While BadUSB attacks aren't common, cyber criminals in 2020 mailed BadUSB drives to targets with a message claiming to be from BestBuy that urged recipients to insert a malicious USB thumb drive into a computer in order to view products that could be redeemed from a supposed gift card. That attack was attributed to the FIN7 group, which is also believed to be behind this attack.
According to The Record, the FBI warned that the new BadUSB attacks were shipped on LILYGO-branded devices. The mail was delivered in packages to organizations in the transport and insurance sectors from August, while defense industry targets have received the packages since November.
The USB drives were configured to register as a keyboard device after being plugged in. They then injected keystrokes into the target PC to install malware. Numerous attack tools were installed that allowed for exploitation of PCs, lateral movement across a network, and installation of additional malware.
The tools were used to deploy multiple ransomware strains, including BlackMatter and REvil. BlackMatter is believed to be a rebrand of the DarkSide ransomware group, which appeared to close its business after attacking US fuel distributor Colonial Pipeline in May. This attack prompted discussions between the Biden Administration and the Kremlin over attacks on critical infrastructure.
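The drives described above registered as a keyboard device once plugged in. As an added example (not part of the original article), this Python check walks a Linux host's USB sysfs tree and reports HID interfaces on devices outside an approved list; the approved list, the function names and all sample IDs are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

HID_CLASS = "03"      # USB class code for Human Interface Device
BOOT_KEYBOARD = "01"  # bInterfaceProtocol value for a keyboard
APPROVED = {("aaaa", "0001")}  # assumption: hypothetical issued-keyboard list

def read_attr(path):
    """Return a sysfs attribute as lowercase text, or '' if it is missing."""
    try:
        return path.read_text().strip().lower()
    except OSError:
        return ""

def find_unapproved_hid(root="/sys/bus/usb/devices", approved=APPROVED):
    """List HID interfaces whose parent device is not on the approved list."""
    root, findings = Path(root), []
    for iface in sorted(root.glob("*:*")):        # interface entries, e.g. 1-2:1.0
        if read_attr(iface / "bInterfaceClass") != HID_CLASS:
            continue
        dev = root / iface.name.split(":")[0]     # parent device entry, e.g. 1-2
        ids = (read_attr(dev / "idVendor"), read_attr(dev / "idProduct"))
        if ids in approved:
            continue
        proto = read_attr(iface / "bInterfaceProtocol")
        findings.append((dev.name, *ids, "keyboard" if proto == BOOT_KEYBOARD else "hid"))
    return findings

def demo():
    """Run the check on a constructed tree; every ID below is made up."""
    sample = {  # device: (idVendor, idProduct, [(interface, class, protocol)])
        "1-1": ("aaaa", "0001", [("1.0", "03", "01")]),  # approved keyboard
        "1-2": ("bbbb", "0002", [("1.0", "03", "01")]),  # unknown device typing as a keyboard
        "1-3": ("cccc", "0003", [("1.0", "08", "50")]),  # ordinary mass storage
    }
    with tempfile.TemporaryDirectory() as tmp:
        for dev, (vid, pid, ifaces) in sample.items():
            dev_dir = Path(tmp, dev)
            dev_dir.mkdir()
            (dev_dir / "idVendor").write_text(vid + "\n")
            (dev_dir / "idProduct").write_text(pid + "\n")
            for num, cls, proto in ifaces:
                if_dir = Path(tmp, f"{dev}:{num}")
                if_dir.mkdir()
                (if_dir / "bInterfaceClass").write_text(cls + "\n")
                (if_dir / "bInterfaceProtocol").write_text(proto + "\n")
        return find_unapproved_hid(tmp)

if __name__ == "__main__":
    print(demo())
```

Vendor and product IDs are reported by the device itself, so a reprogrammed drive can copy an approved pair. Treat a clean result as triage rather than proof that no rogue keyboard is attached.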