The FBI has issued a warning that cyber criminals have reportedly been mailing out USB drives that install malware on the devices they are plugged into. This can lead not only to a compromised device or network but also to major ransomware threats.
Readers are advised to avoid inserting USB drives into their devices, especially when the drives come from unknown sources, even if they appear to contain very important data addressed directly to you.
These USB sticks are generally sent in the mail through the United States Postal Service and United Parcel Service. Named after their behaviour, these attacks are called ‘BadUSB attacks’.
Reportedly, one variant contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
BadUSB exploits the USB standard’s versatility and allows an attacker to reprogram a USB drive to, for example, emulate a keyboard to create keystrokes and commands on a computer, install malware prior to the operating system booting, or to spoof a network card and redirect traffic.
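Because the emulation described above shows up in the interface classes a device announces, a defender can check what a supposed flash drive actually claims to be. The following is an added example, not taken from the FBI alert; it assumes a Linux host, where each USB interface has a modalias string, and the function names and sample strings are constructed for illustration.

```python
import re

# Linux publishes one modalias string per USB interface under
# /sys/bus/usb/devices/*/modalias; ic/isc/ip are the interface class,
# subclass and protocol taken from the device's own descriptors.
MODALIAS = re.compile(
    r"usb:v[0-9A-F]{4}p[0-9A-F]{4}d[0-9A-F]{4}"
    r"dc[0-9A-F]{2}dsc[0-9A-F]{2}dp[0-9A-F]{2}"
    r"ic([0-9A-F]{2})isc([0-9A-F]{2})ip([0-9A-F]{2})in[0-9A-F]{2}",
    re.IGNORECASE,
)

def role(cls, sub, proto):
    """Map a USB interface class triple to the role the device claims."""
    if cls == 0x08:
        return "mass-storage"
    if cls == 0x03:  # HID; boot subclass with protocol 1 is a keyboard
        return "keyboard" if (sub, proto) == (0x01, 0x01) else "hid-other"
    if (cls, sub) == (0x02, 0x06) or (cls, sub, proto) == (0xE0, 0x01, 0x03):
        return "network"  # CDC Ethernet or RNDIS
    return "other"

def audit_stick(modaliases):
    """Return every role a device handed over as a flash drive should not have."""
    unexpected = []
    for line in modaliases:
        m = MODALIAS.fullmatch(line.strip())
        if m is None:
            unexpected.append("unparsed")  # fail closed on anything odd
            continue
        r = role(*(int(g, 16) for g in m.groups()))
        if r != "mass-storage":
            unexpected.append(r)
    return unexpected

# Constructed samples (vendor/product IDs are placeholders, not real devices).
PLAIN_STICK = ["usb:v0000p0001d0100dc00dsc00dp00ic08isc06ip50in00"]
KEYBOARD_STICK = [
    "usb:v0000p0002d0100dc00dsc00dp00ic08isc06ip50in00",
    "usb:v0000p0002d0100dc00dsc00dp00ic03isc01ip01in01",
]
NETWORK_STICK = ["usb:v0000p0003d0100dc00dsc00dp00ic02isc06ip00in00"]

if __name__ == "__main__":
    for name in ("PLAIN_STICK", "KEYBOARD_STICK", "NETWORK_STICK"):
        print(name, audit_stick(globals()[name]))
```

A device can change what it announces after a delay, so a check like this belongs on every enumeration event rather than once at insertion.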
Unfortunately, this is not a new kind of attack. Similar incidents were reported back in 2020, when cyber criminals sent BadUSB drives by post to many people. These BadUSBs claimed to be from BestBuy and urged recipients to insert the USB drive into their computer to redeem free gift coupons. That attack was attributed to the FIN7 group, which is also believed to be behind this attack.
FIN7 is a Russian APT group
FIN7 is a Russian criminal advanced persistent threat group that has primarily targeted the U.S. retail, restaurant, and hospitality sectors since mid-2015. A portion of FIN7 is run out of the front company Combi Security. It has been called one of the most successful criminal hacking groups in the world.
US defense company also targeted
The records say that in the most recent case of these attacks, the group also targeted a US defense industry company as recently as November 2021, using the Amazon thank-you letter trick detailed above.
This marks the second alert the FBI has sent about FIN7 mailing malicious USB devices to US companies.
The FBI sent the first one in March 2020, after security firm Trustwave found one of the malicious BadUSB devices sent to one of its customers, a US hospitality provider.
Images of the Amazon thank-you letter, the HHS COVID-19 alert, and the LilyGO-branded BadUSB device are included in the FBI alert, which we cannot reproduce here. US companies can register on the InfraGard portal to gain access to the alert and learn more about FIN7’s latest BadUSB attacks.