Another easily accessible threat vector is making its way into the US market. Add it to your list of potential cyber-attacks against the company. Make yourself and your company aware of the issue and take the necessary precautions against infiltration.

 

The US has recently been targeted with an infiltration of USB devices and gift cards designed to carry out cyber-attacks against the users, according to an announcement from the FBI. One indicator is that the USB devices may have the recipient's name written on them in marker. 

 

“The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group that is behind the Darkside and BlackMatter ransomware operations, has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks.” (The Record).  

 

Companies should be on the lookout for these malicious devices to prevent a cyberattack from occurring. As the new year turns, now would be a good time to readdress proper USB protocol with employees. 

 

These types of attacks are not new, but there is a growing concern over the number of devices being brought into the US.  

 

“The gang is using weaponized USB devices with the LilyGO logo, which are sent to the victims via United States Postal Service and United Parcel Service. FIN7 has been using this technique to target businesses in the transportation and insurance industries since August 2021, while it started targeting defense firms in November 2021. The operators impersonate Amazon and the US Department of Health & Human Services (HHS) to trick the victims into opening the packages and plugging the BadUSB devices into their systems.” (Security Affairs).

 

The group uses a variety of software and tools to carry out their attacks. Companies should be aware of these tactics and how the attacks are carried out to better protect themselves against ransomware. 

 

“In the attacks analyzed by the FBI, the attack would run PowerShell commands to download and install malicious payloads, including BlackMatter and REvil ransomware. The FIN7 group used a broad range of tools and malware such as Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, GRIFFON, DICELOADER, TIRION.” (Security Affairs).

 

With the new year upon us, it is a fantastic time to have your organization review and modify its existing cyber security policies around portable media and its acceptable use policy for USB drives.

 

Your employees' cyber security awareness is the first line of defense in preventing this threat vector.

Sources: 

The Record. https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/ 

Security Affairs. https://securityaffairs.co/wordpress/126439/breaking-news/fin7-badusb-attacks.html