
Hackers Use BadUSB to Deploy Ransomware on Defense Companies’ Systems, FBI Warns

Vlad CONSTANTINESCU

January 10, 2022


Last week, the FBI released an updated flash alert warning US companies that the FIN7 cybercrime group could compromise their systems by delivering ransomware-ridden USB drives.

Reportedly, the perpetrators mailed packages containing “BadUSB (Bad Beetle USB)” devices to various US companies. The devices were misleadingly branded with the LilyGO logo to bypass the recipients' defenses.

The threat actor relied on the US Postal Service and UPS to deliver the malware-ridden packages to the companies. The group has targeted transportation and insurance companies since August 2021 and shifted its focus towards defense companies in November 2021.

According to several reports the FBI received, the packages were disguised to appear legitimate by including forged thank-you notes, counterfeit gift cards and COVID-19 guidelines along with the malicious USB drives. Presumably, the content of a decoy package depends on the profile of the sender it mimics.

If the target plugs the malware-ridden USB drive into a computer, the system automatically registers the device as an HID (Human Interface Device) keyboard rather than as a storage device. This enables the USB drive to operate even if the system has disabled the use of removable storage devices.
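The following is an added example, not part of the original article or the FBI alert. It shows how a defender can tell from a device's raw USB configuration descriptor that a "drive" exposes a keyboard interface instead of mass storage; the sample descriptors, the vendor/product IDs and the `approved_keyboards` list are constructed for illustration.

```python
"""Flag USB devices whose descriptors expose a HID keyboard interface."""

HID_CLASS, MASS_STORAGE_CLASS = 0x03, 0x08
BOOT_SUBCLASS, KEYBOARD_PROTOCOL = 0x01, 0x01
DESC_INTERFACE = 0x04  # bDescriptorType of an interface descriptor

# Constructed samples: configuration + interface (+ HID) + endpoint descriptors.
KEYBOARD_STICK = bytes.fromhex(
    "090222000101 00a032" "090400000103010100" "092111010001223f00" "0705810308000a")
STORAGE_STICK = bytes.fromhex(
    "090220000101 008032" "090400000208065000" "07058102000200" "07050202000200")


def parse_interfaces(config: bytes):
    """Walk the descriptor chain; return (class, subclass, protocol) per interface."""
    found, pos = [], 0
    while pos < len(config):
        if pos + 2 > len(config):
            raise ValueError("truncated descriptor header")
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > len(config):
            raise ValueError(f"bad bLength {length} at offset {pos}")
        if dtype == DESC_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            # bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            found.append(tuple(config[pos + 5:pos + 8]))
        pos += length
    return found


def is_keyboard(iface):
    # Boot-protocol keyboards declare themselves in these three bytes.
    # Non-boot keyboards use protocol 0 and can only be identified from the
    # HID report descriptor, which this example does not parse.
    return iface == (HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL)


def assess(vid, pid, config, approved_keyboards):
    """Return 'review' when an unapproved device enumerates a keyboard interface."""
    # VID/PID are self-reported by the device, so the approved list narrows
    # alerts but is not proof of origin.
    ifaces = parse_interfaces(config)
    if any(is_keyboard(i) for i in ifaces) and (vid, pid) not in approved_keyboards:
        return "review"
    return "ok"


if __name__ == "__main__":
    approved = {(0xAAAA, 0x0001)}  # hypothetical issued-keyboard list
    print(assess(0x1234, 0x5678, KEYBOARD_STICK, approved))  # constructed IDs
    print(assess(0x1234, 0x5679, STORAGE_STICK, approved))
```

A storage-only policy never sees the first device, because it presents no mass-storage interface at all, which is why HID enumeration needs its own check.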

After registration, the BadUSB device sends keystrokes to deploy malware payloads on the affected computer. Usually, the goal of these attacks is to access the victim’s network and deploy malware using tools such as Cobalt Strike, Metasploit, PowerShell scripts and Carbanak.

These are not the first attempts to compromise systems using BadUSB. Since May 2020, FIN7 has supposedly sent various packages containing malicious USB drives along with teddy bears to trick victims into lowering their guard.

This type of attack is commonly known as a USB drive-by or HID attack. It only succeeds, of course, if the victim plugs the unknown USB device into a computer.

A sure way to fend off these cyber threats is to never plug any USB device into your PC, and to always let your company’s security team scan it, should you ever receive such a package.
