Avoid that USB Stick

A word to the wise: As a stranger he gives it to you at random USB stick as a gift, very good not to tenga.

On Thursday, the FBI warned that the hacker has been using U.S. mail to send malicious USB drives to companies located in security, transportation and insurance companies. The terrorists’ hope is that employees will be able to install them on their computers, which makes them more likely to threaten or send other malicious software, History reports.

The smuggling group — the FIN7 group — has worked tirelessly to make their packages seem harmless. In some cases, the packages are worn as sent by the U.S. Department of Health and Human Services, with notes stating that the drives contained important information about COVID-19. In some cases, they are provided as if they were sent via Amazon, along with “a box of decorative gifts containing a fake thank-you note, a fake gift card, and USB,” according to a FBI warning.

The plan appears to have been in place for several months – as the FBI says it began receiving reports of the operation since last August.

The culprit, FIN7, is a well-known cybercrime group that, throughout its career, is said to have. more than $ 1 billion was stolen through various means of spending money. In the past, it has been linked to popular ransomware families – such as DarkSide and BlackMatter – and, last September, security analysts. he said FIN7 faced the challenge of creating a fake cybersecurity company to acquire IT talent in its criminal activities. Suffice it to say it is new.

While it may seem silly for someone to plug a USB stick into their computer, education has shown that, in fact, that is what most people do when they have an opportunity. Hence the popularity of the method of “tearing down”., where a bad car is left in the company parking lot and I expect the weakest link in the company to pick up and, in fact, put it in their laptop. Basically, if you believe one senior security officer, a deadly, worm-infested attack on the Pentagon in 2008 began like this.

Hackers also tried to use USBs as a ransomware vector. Last September, it was said that terrorists have been reaching out to employees of other companies and trying to bribe them to bring out redemption tools at their companies through poles protected by thieves.

All of this is a roundabout way to say a few important things: Do not receive gifts from strangers, avoid bribes, and, if you do not know where the USB stick comes from, it is best to stop.