
March 10, 2022 | By stephen

FBI Warns of Hackers Mailing Ransomware-Infected USBs

The FBI recently released a warning to all US organizations to be cautious with unsolicited mail containing USB drives. The agency says that cyber actors are using this new trick to introduce malware into corporate networks. This article explains how these malware-infected USBs work, who is responsible, and how to keep your Chicagoland organization safe from ransomware.


Who Is Sending These Infected USBs?

According to the FBI, FIN7 is responsible for the attacks, which experts now call the “Bad Beetle USB” campaign. FIN7 is an infamous Eastern European hacker group known for running the BlackMatter and Darkside ransomware operations. So far, we know that they have sent most of the malicious USBs to organizations in the insurance, transportation, and defense industries. However, this doesn’t mean that companies in other sectors are safer. FIN7, like most cybercriminal groups, has a history of not discriminating among targets based on size or industry. They attack any business that is vulnerable and able to pay the ransom.

How the Malicious USB Sticks Work

The hackers dispatch the USBs through United Parcel Service and the United States Postal Service, impersonating Amazon or the US Department of Health and Human Services. It can be challenging to identify these malicious mailings because, in some cases, the actors have been corresponding with their targets since August of last year.

Most of the mailings impersonating the Department of Health and Human Services contain a letter with COVID-19 safety updates and an embedded USB. Those imitating Amazon generally come in attractive gift boxes with well-crafted thank-you notes, fraudulent gift cards, and a USB. The FBI has observed that all the malicious USBs are LilyGo-branded.

The USB sticks carry malware. When a user plugs one in, the device registers with the PC as a Human Interface Device (HID) keyboard. Once it has been accepted as a keyboard, it drives the PC into downloading further malware strains onto the system.
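A defender-side check for the behaviour described above, added here as an example and not code from the original post: it parses Linux kernel log lines (constructed samples with placeholder vendor and product ids) and flags any USB device that enumerates as an HID keyboard without being on an allowlist of keyboards the organization has issued.

```python
import re

# Constructed sample kernel log lines (not from the original post): a known
# keyboard enumerates at boot, a hotplugged device later presents itself as an
# HID keyboard, and a plain storage stick follows. Vendor/product ids are
# made-up placeholders, not real device identifiers.
SAMPLE_LOG = """\
Mar 10 08:00:02 ws01 kernel: usb 1-1: New USB device found, idVendor=0xaaaa, idProduct=0x0001, bcdDevice= 1.00
Mar 10 08:00:02 ws01 kernel: usb 1-1: Manufacturer: CorpKeyboards
Mar 10 08:00:02 ws01 kernel: hid-generic 0003:AAAA:0001.0001: input,hidraw0: USB HID v1.11 Keyboard [CorpKeyboards KB-1] on usb-0000:00:14.0-1/input0
Mar 10 09:12:01 ws01 kernel: usb 1-3: New USB device found, idVendor=0xbbbb, idProduct=0x0002, bcdDevice= 1.00
Mar 10 09:12:01 ws01 kernel: usb 1-3: Manufacturer: LilyGo
Mar 10 09:12:01 ws01 kernel: hid-generic 0003:BBBB:0002.0004: input,hidraw3: USB HID v1.11 Keyboard [LilyGo Keyboard] on usb-0000:00:14.0-3/input0
Mar 10 09:30:15 ws01 kernel: usb 1-4: New USB device found, idVendor=0xcccc, idProduct=0x0003, bcdDevice= 1.00
Mar 10 09:30:15 ws01 kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
"""

# Keyboards the organization has issued, as (idVendor, idProduct) in lower-case
# hex (constructed placeholder values). Anything else that enumerates as a
# keyboard is treated as a possible BadUSB device.
ALLOWED_KEYBOARDS = {("aaaa", "0001")}

NEW_DEV_RE = re.compile(
    r"usb (\S+): New USB device found, idVendor=0x([0-9a-fA-F]{4}), idProduct=0x([0-9a-fA-F]{4})")
MANUF_RE = re.compile(r"usb (\S+): Manufacturer: (.+)$")
HID_KBD_RE = re.compile(
    r"hid-generic 0003:([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\.[0-9a-fA-F]+: .*?USB HID v[\d.]+ Keyboard \[(.*?)\]")


def find_rogue_keyboards(log_text):
    """One alert per USB device that enumerated as an HID keyboard and is not on
    the allowlist, joined to the port and manufacturer string logged at enumeration."""
    devices, port_to_key, alerts = {}, {}, []   # (vid, pid) -> details; port -> key
    for line in log_text.splitlines():
        if m := NEW_DEV_RE.search(line):
            key = (m.group(2).lower(), m.group(3).lower())
            devices[key] = {"time": line[:15], "port": m.group(1), "vid": key[0],
                            "pid": key[1], "manufacturer": "?"}
            port_to_key[m.group(1)] = key
        elif (m := MANUF_RE.search(line)) and m.group(1) in port_to_key:
            devices[port_to_key[m.group(1)]]["manufacturer"] = m.group(2).strip()
        elif m := HID_KBD_RE.search(line):
            key = (m.group(1).lower(), m.group(2).lower())
            if key in ALLOWED_KEYBOARDS:
                continue   # an issued keyboard; nothing to report
            alert = dict(devices.get(key, {"time": line[:15], "port": "?", "vid": key[0],
                                           "pid": key[1], "manufacturer": "?"}))
            alert["name"] = m.group(3)
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in find_rogue_keyboards(SAMPLE_LOG):
        print(f"{a['time']} unexpected HID keyboard on usb {a['port']}: "
              f"{a['manufacturer']} '{a['name']}' ({a['vid']}:{a['pid']})")
```

On a real host the same function can be fed `journalctl -k` output; the storage stick in the sample is deliberately left unflagged because it never claims to be a keyboard.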

If you’ve been following cybersecurity for some time, you know that this is not the first time FIN7 has used the USPS to trick unsuspecting employees. Back in 2020, they used the same trick on retail businesses, hotels, and restaurants. In the May 2020 campaign, the hacker group mailed teddy bears and even called targets to persuade them to plug in the USBs.

Currently, it’s not clear if FIN7 compromised or stole any company’s files and credentials. Whatever the case, the incident reminds us of how ambitious the bad guys are in compromising corporate networks.

Phishing Is Still the Biggest Threat

According to a study by CSO Online, eight out of ten cybersecurity incidents begin as phishing campaigns. Similar research by Symantec shows that 65% of hacker groups use spear-phishing as the primary infection vector.

What do these figures mean? A cyberattack only begins once the bad guys have access to your networks. If they can’t get in, they can’t launch an attack. Simple. For instance, in the FIN7 Bad Beetle USB campaign, targets had to plug the flash drives into their PCs before the USBs could register as HID keyboards.

Even as cyberattacks become more sophisticated by the day, most of them still depend on one technique—phishing. Phishing refers to malicious actors impersonating known entities to dupe employees into divulging their logins or installing malicious software. The most common type is email phishing, where the attackers send emails with malicious attachments to targets. If you open the attachment, your PC immediately installs malware or directs you to a page that harvests your credentials. As we’ve learned from the FIN7 incident, the bad guys are continually looking for new phishing techniques. So, if you thought your email spam filters were enough, you might need to reconsider your stance.

Employee Cyber-Awareness Training Is Critical Every Single Day

Cybinit estimates that proper employee training can prevent 95% of all data breaches. And reasonably so—9 out of 10 cyberattacks stem from employee negligence.

As we’ve demonstrated, cyber actors continually advance their techniques. They always find ways to bypass intrusion detection and prevention systems. But one thing is constant: they rely on unsuspecting employees. So, the more cyber-aware your staff is, the lower your chances of becoming a victim.

Proper employee cybersecurity training takes employees through the various cyberattack vectors, teaching them to identify common tricks and the mechanisms that prevent them. At LeadingIT, we help clients launch simulated attacks to measure readiness levels. These simulations can also help you pinpoint weak points that the bad guys could exploit.

If there’s one big takeaway from the FIN7 incident, it is that employee cyber awareness training is crucial in the war against cybercrime. Intrusion detection and prevention technologies will come and go, but an educated staff is your first line of defense.

