
Hackers Use BadUSB to Deploy Ransomware on Defense Companies’ Systems, FBI Warns

Vlad CONSTANTINESCU

January 10, 2022


Last week, the FBI released an updated flash alert warning US companies that the FIN7 cybercrime group could compromise their systems by delivering ransomware-ridden USB drives.

Reportedly, the perpetrators mailed packages to various US companies containing “BadUSB (Bad Beetle USB)” devices misleadingly branded with the LilyGO logo to bypass their defenses.

The threat actor relied on the US Postal Service and UPS to deliver the malware-ridden packages to the companies. The group has targeted transportation and insurance companies since August 2021 and has shifted its focus towards defense companies since November 2021.

According to several reports the FBI received, the packages were cunningly disguised to appear legitimate by including forged thank-you notes, counterfeit gift cards and COVID-19 guidelines along with the malicious USB drives. Presumably, the content of each decoy package depends on the profile of the sender it mimics.

If the target plugs the malware-ridden USB drive into their computer, the system automatically registers the device as an HID (Human Interface Device) keyboard. This workaround enables the USB drive to operate even if the system has disabled the use of removable storage devices.

After registration, the BadUSB device relies on keystrokes to deploy malware payloads on the afflicted computers. Usually, the goal of these attacks is to access the victim’s network and deploy malware using tools such as Cobalt Strike, Metasploit, PowerShell scripts and Carbanak.
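The behaviour described above can be turned into a detection rule. The following is an added example, not part of the original article or the FBI alert: it shows why a removable-storage block does not match an HID device, and flags a non-allowlisted HID device that starts typing at machine speed right after plug-in. The event format, thresholds and device IDs are assumptions made for illustration.

```python
from statistics import median

# USB-IF class codes: 0x03 = HID (keyboards, mice), 0x08 = mass storage.
HID, MASS_STORAGE = 0x03, 0x08

# Assumed thresholds; tune against your own endpoint telemetry.
MAX_MEDIAN_GAP_MS = 35   # sustained typing faster than this is not human
ATTACH_GRACE_S = 5.0     # keystrokes this soon after plug-in are suspicious
MIN_KEYS = 10            # need enough events to judge the rate

def blocked_by_storage_policy(interfaces):
    """A removable-storage block matches only mass-storage interfaces."""
    return any(cls == MASS_STORAGE for cls, _sub, _proto in interfaces)

def has_hid(interfaces):
    """True if any interface declares the HID class."""
    return any(cls == HID for cls, _sub, _proto in interfaces)

def injection_verdict(device, key_times, allowlist=frozenset()):
    """Return 'ok', 'watch' or 'alert' for one attached USB device.

    device: {'id': 'vid:pid', 'attached': epoch seconds,
             'interfaces': [(class, subclass, protocol), ...]}
    key_times: sorted epoch-second timestamps of key events from it.
    """
    if device["id"] in allowlist or not has_hid(device["interfaces"]):
        return "ok"
    if len(key_times) < MIN_KEYS:
        return "watch"
    gaps_ms = [(b - a) * 1000 for a, b in zip(key_times, key_times[1:])]
    fast = median(gaps_ms) < MAX_MEDIAN_GAP_MS
    early = key_times[0] - device["attached"] < ATTACH_GRACE_S
    return "alert" if fast and early else "watch"

# Constructed sample data (placeholder IDs, not from any real incident).
SUSPECT = {"id": "ffff:0001", "attached": 1000.0, "interfaces": [(0x03, 0x01, 0x01)]}
SUSPECT_KEYS = [1001.2 + i * 0.008 for i in range(40)]   # 8 ms between keys
HUMAN = {"id": "ffff:0002", "attached": 2000.0, "interfaces": [(0x03, 0x01, 0x01)]}
HUMAN_KEYS = [2012.0 + i * 0.18 for i in range(40)]      # 180 ms between keys
THUMB = {"id": "ffff:0003", "attached": 3000.0, "interfaces": [(0x08, 0x06, 0x50)]}

if __name__ == "__main__":
    for dev, keys in ((SUSPECT, SUSPECT_KEYS), (HUMAN, HUMAN_KEYS), (THUMB, [])):
        print(dev["id"], blocked_by_storage_policy(dev["interfaces"]),
              injection_verdict(dev, keys))
```
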

These attempts to compromise systems using BadUSB are not the first. Since May 2020, FIN7 has supposedly sent various packages containing malicious USB drives along with teddy bears to trick victims into lowering their guard.

This type of attack is commonly known as a USB drive-by or HID attack. It only succeeds, of course, if the victim plugs the unknown USB device into their computer.

A sure way to fend off these cyber threats is to never plug any USB device into your PC and to always let your company’s security team scan it, should you ever receive such a package.
