Comment on FBI warning of cybercriminals mailing USBs that install ransomware
January 2022 by Joseph Carson, chief security scientist at ThycoticCentrify
Following the news around the FBI warning that hackers are sending malicious USB drives to workers to launch cyber attacks on specific industries, Joseph Carson, chief security scientist at ThycoticCentrify, offers the following comment:
“It is no surprise that attackers will continue to use known successful methods of gaining initial access, such as social engineering scams that get humans to plug malicious USB devices into their computer USB ports.
A recent cybercriminal trend was sending electronic gifts such as battery power banks and USB-powered fans that require USB connections for power. However, rather than looking for the nearest wall socket to plug them into, recipients chose the nearest device - the laptop computer.
Most victims don’t realise that behind the scenes, those devices are BadUSBs that pretend to be a computer keyboard, launching commands and downloading malicious software to install and execute. It is even possible that many USB cables are also being used to perform malicious activities with hidden HID payloads waiting for the right device to be connected.
Today all users should be aware that any unknown USB device they plug in can be maliciously stealing credentials and passwords or downloading malicious software. It is always important to verify where the device came from and, when possible, use a USB Data Blocker that will prevent the USB device from infecting systems.”