Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Presents
The "malicious USB stick" trick is old but apparently it's still wildly popular with the crooks.
Friendly-looking USB sticks are a vector for malware distribution as old as the internet itself and, apparently, they’re still quite popular with the criminals.
On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defense, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports.
The hacker group behind this bad behavior—a group called FIN7—has gone to great lengths to make their parcels appear innocuous. In some cases, packages were dressed up as if they were sent by the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. In other cases, they were delivered as if they had been sent via Amazon, along with a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB,” according to the FBI warning.
This little scheme appears to have been going on for at least several months—as the FBI says it originally began receiving reports about such activity as far back as last August.
Hackers Have Been Sending Malware-Filled USB Sticks to U.S. Companies Disguised as Presents
The "malicious USB stick" trick is old but apparently it's still wildly popular with the crooks.
Friendly-looking USB sticks are a vector for malware distribution as old as the internet itself and, apparently, they’re still quite popular with the criminals.
On Thursday, the FBI warned that a hacker group has been using the US mail to send malware-laden USB drives to companies in the defense, transportation and insurance industries. The criminals’ hope is that employees will be gullible enough to stick them into their computers, thus creating the opportunity for ransomware attacks or the deployment of other malicious software, The Record reports.
The hacker group behind this bad behavior—a group called FIN7—has gone to great lengths to make their parcels appear innocuous. In some cases, packages were dressed up as if they were sent by the US Department of Health and Human Services, with notes explaining that the drives contained important information about COVID-19 guidelines. In other cases, they were delivered as if they had been sent via Amazon, along with a “decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB,” according to the FBI warning.
This little scheme appears to have been going on for at least several months—as the FBI says it originally began receiving reports about such activity as far back as last August.
[Read More](https://gizmodo.com/hackers-have-been-sending-malware-filled-usb-sticks-to-1848323578)
![Avoid That USB Stick [1165x654 - 29KB]](https://pic8.co/sh/5Qhg1z.jpg){kind=link}
(post is archived)