Cybersecurity attacks are becoming more and more innovative, and it’s important to stay alert. A new threat related to USB sticks has emerged and we’re here to keep you informed.
The FBI recently warned against a hacker group called FIN7 that’s sending malware-ridden USB drives to companies in the insurance, defense and transportation industries. FIN7’s goal is for these companies to fall for their trick and insert the USB drives into their computers, which would give the hackers an opportunity for ransomware attacks or deployment of malicious software.
FIN7 isn’t cutting corners — they’re going to great lengths to make the USB sticks look harmless. Some packages have been disguised as “important COVID-19 guidelines” coming from the US Department of Health and Human Services. Others appear to come from Amazon, containing a fraudulent thank you letter, a counterfeit gift card and a USB.
The FBI notes that attacks from FIN7 have been going on for a while now, and it has received reports about suspicious activity going back as far as last August.
FIN7 is reported to have stolen over $1 billion through their financial hacking schemes. The group has been connected to prominent ransomware families, and they seem to cover all the bases — they’ve even created a fake cybersecurity company to recruit IT talent for their criminal endeavors.
You might be thinking, “Why would anyone stick a random USB into their computer?” We agree! But studies have shown that a lot of people will do this out of curiosity, hence the popularity of the “drop trick,” where someone drops a USB drive in a company parking lot in hopes that an employee will pick it up and plug it in.
Take all of this as a warning — stay vigilant, don’t accept bribes and if you’re not sure where a USB drive came from, it’s probably best not to touch it. Remember: the Trojan Horse looked appealing to the Trojans, but it ended up costing them everything.