Picture: Brina Blum
The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercrime group is targeting the US defense industry with packages containing malicious USB devices.
The attackers are mailing packages containing 'BadUSB' or 'Bad Beetle USB' devices carrying the LilyGO logo, a type of board commonly available for sale on the Internet.
The packages have been mailed via the United States Postal Service (USPS) and United Parcel Service (UPS) to businesses in the transportation and insurance industries since August 2021, and to defense firms starting in November 2021.
FIN7 operators impersonate Amazon and the US Department of Health & Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems.
According to reports the FBI has received since August, these malicious packages also contain letters about COVID-19 guidelines, or counterfeit gift cards and forged thank-you notes, depending on the impersonated entity.
After the target plugs the USB drive into a computer, it automatically registers as a Human Interface Device (HID) keyboard, which lets it operate even where removable storage devices are disabled, because the operating system treats it as an input device rather than a disk. It then starts injecting keystrokes to install malware payloads on the compromised system.
FIN7's end goal in these attacks is to gain access to the victims' networks and deploy ransomware inside the compromised environment using various tools, including Metasploit, Cobalt Strike, the Carbanak malware, the Griffon backdoor, and PowerShell scripts.
Malware pushed using teddy bears
These attacks follow another series of incidents the FBI warned about two years ago, when FIN7 operators impersonated Best Buy and mailed similar packages with malicious flash drives via USPS to hotels, restaurants, and retail businesses.
Reports of such attacks started surfacing in February 2020. Some of the targets also reported that the attackers emailed or called them to pressure them into connecting the drives to their systems.
Starting in at least May 2020, malicious packages sent by FIN7 also included items such as teddy bears, intended to get the targets to lower their guard.
Attacks like the ones attempted by FIN7 are known as HID or USB drive-by attacks, and they can only succeed if the victims are willing to plug unknown USB devices into their workstations, or are tricked into doing so.
Companies can defend against such attacks by allowing employees to connect only USB devices whose hardware ID is on an allowlist, or that have been vetted by the security team. Because a programmable BadUSB board can present whatever vendor and product ID its firmware is told to, an ID allowlist raises the bar rather than closing the door, so it should be paired with a policy of never plugging in unsolicited hardware at all.
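The following is an added example, not code from the FBI alert or from the original article, showing both points above in one place: how a BadUSB board shows up to the operating system (a newly enumerated HID keyboard) and how a hardware-ID allowlist check would treat it. It is written as a stand-alone Python policy evaluator over Windows-style Plug and Play identifiers. The allowlist entries, the `PnpEvent` record type, the `evaluate` and `triage` functions, and every sample device record are assumptions constructed for this example; only the identifier formats (`VID_xxxx&PID_xxxx`, the `HID_DEVICE_SYSTEM_KEYBOARD` compatible ID, the `USB\Class_08` mass-storage compatible ID) are the ones Windows actually uses.

```python
import re
from dataclasses import dataclass

# Constructed allowlist of (vendor ID, product ID) pairs the security team has vetted.
# A real deployment would feed this from asset inventory; these values are examples only.
ALLOWED_VID_PID = {
    (0x046D, 0xC31C),  # assumption: a corporate-issued USB keyboard
    (0x0781, 0x5581),  # assumption: a corporate-issued flash drive
}

# Windows Plug and Play hardware IDs embed the USB vendor/product ID as VID_xxxx&PID_xxxx.
VID_PID_RE = re.compile(r"VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})")

# Compatible ID Windows assigns to any HID device that reports the keyboard usage page.
KEYBOARD_COMPAT_ID = "HID_DEVICE_SYSTEM_KEYBOARD"


@dataclass
class PnpEvent:
    """One device-arrival record: the hardware ID plus the compatible IDs Windows derives."""
    hardware_id: str
    compatible_ids: tuple = ()


def parse_vid_pid(hardware_id):
    """Return (vid, pid) as integers, or None if the ID carries no USB VID/PID."""
    m = VID_PID_RE.search(hardware_id)
    if not m:
        return None
    return int(m.group(1), 16), int(m.group(2), 16)


def presents_as_keyboard(event):
    """True if the device enumerated as a keyboard, which is what a BadUSB board does."""
    return any(c.upper() == KEYBOARD_COMPAT_ID for c in event.compatible_ids)


def evaluate(event):
    """Policy verdict for a newly enumerated device.

    "allow" - vendor/product ID is on the vetted list
    "alert" - unvetted device that enumerated as a keyboard: the keystroke-injection pattern
    "block" - any other unvetted device (including IDs that do not parse at all)
    """
    ids = parse_vid_pid(event.hardware_id)
    if ids is not None and ids in ALLOWED_VID_PID:
        return "allow"
    if presents_as_keyboard(event):
        return "alert"
    return "block"


def triage(events):
    """Run the policy over a batch of events; returns a list of (hardware_id, verdict)."""
    return [(e.hardware_id, evaluate(e)) for e in events]


# Constructed sample events; none are taken from a real incident.
SAMPLE_EVENTS = [
    # Vetted keyboard: allowed.
    PnpEvent(r"HID\VID_046D&PID_C31C&REV_6400&MI_00", (KEYBOARD_COMPAT_ID,)),
    # Vetted flash drive: allowed (compatible ID is the USB mass-storage class).
    PnpEvent(r"USB\VID_0781&PID_5581&REV_0100", ("USB\\Class_08&SubClass_06&Prot_50",)),
    # Unknown board with a made-up VID/PID that enumerates as a keyboard: the BadUSB pattern.
    PnpEvent(r"HID\VID_1A2B&PID_3C4D&REV_0100&MI_02", (KEYBOARD_COMPAT_ID,)),
    # Unknown mass-storage stick: blocked, but not the keystroke-injection pattern.
    PnpEvent(r"USB\VID_5E6F&PID_7A8B&REV_0100", ("USB\\Class_08&SubClass_06&Prot_50",)),
]

if __name__ == "__main__":
    for hwid, verdict in triage(SAMPLE_EVENTS):
        print(f"{verdict:5s}  {hwid}")
```

The reason "alert" is distinct from "block" is the point of the article: a mass-storage stick that is merely refused is a policy hit, but an unvetted device that enumerates as a keyboard is the exact shape of a keystroke-injection attack and deserves an incident-response look at the host it was plugged into. On Windows the same hardware/compatible-ID matching is what the built-in Device Installation Restrictions group policy performs; the check above only makes the decision logic visible. As noted in the text, a BadUSB board can be programmed to claim an allowlisted VID/PID, so the allowlist is a speed bump, not a proof of provenance.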