The FBI cautioned that ransomware gangs are sending malicious USB sticks to the transportation, insurance, and defense industries, posing as the US Department of Health and Human Services (HHS) and/or Amazon.
According to the US Federal Bureau of Investigation, FIN7, the notorious cybercrime organization behind the Darkside and BlackMatter ransomware operations, has been sending infected USB sticks to US businesses with the goal of infecting their computers with malware and carrying out future attacks.
There are two types of parcels: one is disguised to look as if it came from the US Department of Health and Human Services and, in addition to the USB, frequently carries a letter about COVID-19 guidelines. The second version is made to look like it came from Amazon; it arrives in a gift box with a thank-you note, a phony gift card, and the infected USB.
FIN7 has been around since at least 2015. Initially, the gang gained a reputation for using proprietary backdoor malware to get persistent access to target firms and for using skimmer software to attack point-of-sale (PoS) systems. It frequently preys on casual-dining establishments, casinos, and hotels. However, in the year 2020, FIN7 entered the ransomware/data exfiltration game, utilizing REvil or Ryuk as the payload.
“These types of attacks are often discussed among security professionals but are not that common in real-life attacks,” says Karl Sigler, Senior Security Research Manager at Trustwave SpiderLabs. He further adds that because of the rarity of the attack, it is probably effective in a lot of situations.
Karl believes that these attacks are triggered by a USB stick emulating a USB keyboard, so they are typically blocked by endpoint protection software that can monitor access to command shells and sometimes even the speed of typing, since such USB “keyboards” inject keystrokes at an inhuman speed. For critical systems that don’t require any USB accessories, physical and software-based USB port blockers may help prevent this attack. Of course, ongoing security awareness training should cover this type of attack and warn against connecting any strange device to your computer.
“This is an expensive attack to use to throw a wide net and would likely be used in very targeted situations. It’s possible that this attack vector was decided on specifically after some initial reconnaissance,” adds Karl.
In its security alert, the FBI stated that over the past few months FIN7 has been mailing malicious USB devices to U.S. companies in the hope that someone would plug them in, infect systems with malware, and thereby set those systems up for future ransomware attacks. The FBI said it has received reports of several packages containing these USB devices being shipped to U.S. firms in the transportation, insurance, and defense industries since August 2021.
According to the FBI, recipients who insert these USB drives into their devices will be subjected to a “BadUSB” attack, in which the USB will register as a keyboard and deliver preconfigured keystrokes and commands to the machine. These would execute PowerShell operations that would install malware and serve as a backdoor to get access in the future.
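The “inhuman typing speed” heuristic that Karl describes, and the keystroke-injection mechanism the FBI describes above, can be illustrated with a small detector. The following is an added example written for this article; it is not code from the FBI, Trustwave, or any endpoint product. It assumes an endpoint keystroke monitor that emits (timestamp, key) events, and every sample stream below is constructed for the demonstration.

```python
"""Heuristic detector for keystroke-injection (BadUSB-style) bursts.

Added illustration, not from the article or any vendor product. It applies the
"inhuman typing speed" heuristic described in the text to a stream of
(timestamp, key) events such as an endpoint keystroke monitor might record.
All sample data below is constructed.
"""
from typing import List, Optional, Tuple

KeyEvent = Tuple[float, str]  # (seconds since session start, key name)


def build_events(text: str, start: float, interval: float,
                 jitter: float = 0.0) -> List[KeyEvent]:
    """Construct a synthetic keystroke stream for `text` typed at `interval`
    seconds per key, with deterministic alternating jitter so that the
    human-like sample is not perfectly periodic."""
    events: List[KeyEvent] = []
    t = start
    for i, ch in enumerate(text):
        t += interval + (jitter if i % 2 else -jitter)
        events.append((round(t, 4), ch))
    return events


# Constructed samples: a person typing a sentence at roughly 6 characters per
# second, and a device injecting the same text at roughly 200 characters per
# second (the kind of rate a keyboard-emulating USB stick produces).
SENTENCE = "the quick brown fox jumps over the lazy dog"
HUMAN_SAMPLE = build_events(SENTENCE, 0.0, 0.17, 0.04)
INJECTED_SAMPLE = build_events(SENTENCE, 0.0, 0.005)


def detect_injection(events: List[KeyEvent], max_cps: float = 25.0,
                     min_burst: int = 12) -> Tuple[bool, Optional[int], float]:
    """Return (flagged, burst_start_index, observed_cps).

    A window of `min_burst` consecutive keystrokes whose average rate exceeds
    `max_cps` characters per second is treated as injected: sustained rates far
    above 10-15 cps are outside what a person types. Requiring a full window
    means a single fast key repeat or a double-tap does not trigger the rule.
    When nothing is flagged, the fastest window rate seen is returned so the
    caller can still log it.
    """
    if len(events) < min_burst:
        return (False, None, 0.0)
    fastest = 0.0
    for i in range(len(events) - min_burst + 1):
        window = events[i:i + min_burst]
        span = window[-1][0] - window[0][0]
        cps = float("inf") if span <= 0 else (min_burst - 1) / span
        fastest = max(fastest, cps)
        if cps > max_cps:
            return (True, i, cps)
    return (False, None, fastest)


if __name__ == "__main__":
    for label, sample in (("human", HUMAN_SAMPLE), ("injected", INJECTED_SAMPLE)):
        flagged, start, cps = detect_injection(sample)
        print(f"{label:9s} flagged={flagged} burst_start={start} rate={cps:.1f} cps")
```

In practice this rule lives inside the endpoint agent and is paired with the other control Karl mentions (watching which process a burst is typed into, such as a command shell), and with an allowlist keyed on USB vendor and product IDs, because legitimate devices such as barcode scanners and hardware password managers also inject text at machine speed and would otherwise be flagged.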