Posted on January 9, 2022 at 6:11 PM
The FBI has warned that threat actors are sending malicious USB flash drives via mail to different US firms to plant ransomware and carry out attacks.
As super-fast 5G networks spring up and the use of online devices surges, hackers are taking the opportunity to infiltrate systems and steal sensitive information. As a result, many companies are now offering rewards to ethical hackers who can successfully breach their security systems before black hat hackers do.
Based on the report by BleepingComputer, the FBI warned that the threat actors named FIN7 are sending malicious packages to different computers, with each of the packages containing malware-spreading flash drives.
The Hackers Pretend To Be From U.S. Agencies
Additionally, the FBI also noted that the threat actors are pretending to be from the e-commerce giant Amazon or the US Department of Health and Human Services. They trick their targets into receiving the ransomware packages.
The FBI also discovered that the package the threat group has been delivering to its targets includes a bogus letter on the guidelines for COVID-19 from Amazon online gift cards or the HHS. The Bureau also confirmed that the hacking incident has been ongoing since August last year.
Also, it has received reports that several packages containing USB drives have been delivered to US businesses in the defense, insurance, and transportation industries. According to the FBI, the suspicious packages are delivered through the United Parcel Service or via the United States Postal Service.
Apart from the letters of impersonation, the Bureau noted that the packages also contain a Lily Go USB hard drive that could be used to install ransomware on the computers of targeted users.
Additionally, the USB drive in the package can be used to execute a BadUSB attack when it is connected to the targeted computer.
The report also noted that in the BadUSB attack the thumb drive installs itself in the system and acts like a keyboard device rather than a USB flash drive. Afterward, it can launch attacks on the infected computer by carrying out automated keystrokes.
It then proceeds to download and install malware on the targeted computer, and subsequently attack the entire network connected to the computer, leading to another successful attack.
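A defender can check for both traits described above: a newly attached device that exposes a keyboard interface without being an approved keyboard, and keystrokes arriving faster than a person types. The following is an added example, not code from the FBI alert or the original report; the record layout, the allowlist, the thresholds and the device IDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

HID_CLASS = 0x03           # USB class code: Human Interface Device
KEYBOARD_PROTOCOL = 0x01   # bInterfaceProtocol of a boot-interface keyboard
MASS_STORAGE_CLASS = 0x08  # class a genuine flash drive exposes

# Assumed policy values; tune them for your environment.
MIN_HUMAN_INTERVAL_S = 0.03  # sustained typing faster than this is not a person
MIN_KEYS = 20                # ignore very short bursts


@dataclass
class UsbAttach:
    vid_pid: str      # "vendor:product" as reported at enumeration
    interfaces: list  # (bInterfaceClass, bInterfaceProtocol) tuples
    key_times: list   # seconds since attach for each keystroke observed


def assess(dev, approved_keyboards):
    """Return the reasons a device attach looks like keystroke injection."""
    reasons = []
    is_keyboard = any(c == HID_CLASS and p == KEYBOARD_PROTOCOL
                      for c, p in dev.interfaces)
    if is_keyboard and dev.vid_pid not in approved_keyboards:
        reasons.append("unapproved keyboard interface")
    gaps = [b - a for a, b in zip(dev.key_times, dev.key_times[1:])]
    if len(dev.key_times) >= MIN_KEYS and median(gaps) < MIN_HUMAN_INTERVAL_S:
        reasons.append("keystrokes at machine speed")
    return reasons


# Constructed sample data (IDs are placeholders, not real indicators).
APPROVED = {"aaaa:0002"}
mailed_stick = UsbAttach("ffff:0001", [(HID_CLASS, KEYBOARD_PROTOCOL)],
                         [1.0 + i * 0.005 for i in range(60)])
flash_drive = UsbAttach("bbbb:0003", [(MASS_STORAGE_CLASS, 0x50)], [])
desk_keyboard = UsbAttach("aaaa:0002", [(HID_CLASS, KEYBOARD_PROTOCOL)],
                          [5.0 + i * 0.15 for i in range(40)])

if __name__ == "__main__":
    for dev in (mailed_stick, flash_drive, desk_keyboard):
        print(dev.vid_pid, assess(dev, APPROVED) or "ok")
```

A keyboard interface that does not declare the boot protocol would pass the first check, so the timing check should not be dropped in favor of the descriptor check alone.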
The BadUSB Delivered Some Of The Most Notorious Ransomware
The FBI also noted that the BadUSB attack is responsible for delivering two of the most notorious ransomware families out there, namely REvil and BlackMatter, to the networks of the targeted victims.
The attackers are hoping that their targets will be deceived into plugging the ransom USB stick into their systems, which creates the opportunity for ransomware attacks or the deployment of other malicious software.
These threat actors delivering the malicious sticks have done their homework to make sure that they look genuine. As a result, the FBI has warned
FIN7 is a notorious, sophisticated cybercriminal gang that has reportedly stolen more than $1 billion through various ransomware and financial-hacking schemes.
It has also been linked to popular ransomware families in the past. Cybersecurity researchers have also stated that the threat group has gone as far as establishing fake cybersecurity companies to recruit IT talent for its malicious operations.
Most researchers have described them as innovative, always changing their attack methods to have more opportunities to deceive their targets.
Users Have Been Warned To Be Very Cautious
Although it may seem absurd for anyone to plug a ransom USB stick into a computer, that is exactly what several people do when they have the opportunity. In some instances, a threat actor may knowingly leave a malicious drive in a company’s parking lot with the hope that someone with less security consciousness would pick it up and plug it into a computer.
This is not the first time threat actors have used USB as a vector for ransomware attacks. In September last year, some ransomware groups approached workers of some organizations and tried to unleash ransomware on their computers to gain more access to their company’s servers. Just like the latest act, they used sticks in the hope that the employees would plug them into their computers. There have been other recent similar developments, and employees have been advised to be vigilant against these forms of attacks.
Security researchers and other agencies have warned users not to accept gifts from strangers. Also, if they are not sure where a USB stick came from, it’s better not to plug it into their system to avoid infecting it with malware.