FIN7 Mails Malicious USB Sticks to Drop Ransomware
2022-01-11 17:06

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services and/or Amazon to target the transportation, insurance, and defense industries for ransomware infection, the FBI warned on Friday.

FIN7 got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload. The FBI said that over the past several months, FIN7 has mailed the malicious USB devices to US companies, in hopes that somebody would plug in the drives, infect systems with malware and thus set them up for future ransomware attacks.

BadUSB attacks exploit an inherent vulnerability in USB firmware that enables bad actors to reprogram a USB device so it can act as a human interface device - i.e., as a malicious USB keyboard preloaded with automatically executed keystrokes.

In 2020, the Trustwave SpiderLabs cybersecurity research team first discovered these malicious USB thumb drives being sent to some of its customers, with the devices similarly contained within packages impersonating Amazon and HHS. This latest attack is a carbon copy of the 2020 attack, when the FBI similarly issued a public alert that named FIN7 as the culprit.

"These attacks are triggered by a USB stick emulating a USB keyboard, so an end-point protection software that can monitor access to command shells should take care of most issues," Sigler said via email.

For critical systems that don't require USB accessories, physical and software-based USB port blockers may also help prevent this attack, Sigler added.
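
Because the device has to announce itself as a keyboard, software-based port control can key on the interface class in its USB descriptors. The following is an added example, not code from the FBI alert or from Trustwave: it walks a configuration descriptor and flags any HID interface on a device the user believes is a storage stick. The sample descriptor bytes and the function names `interfaces` and `assess` are constructed for illustration.

```python
import struct

USB_DT_INTERFACE = 0x04        # bDescriptorType of an interface descriptor
CLASS_HID = 0x03               # bInterfaceClass: human interface device
HID_PROTOCOL_KEYBOARD = 0x01   # bInterfaceProtocol: keyboard

# Constructed sample configuration descriptors (not captured from real devices).
THUMB_DRIVE = bytes.fromhex(
    "090220000101008032"       # configuration header, 1 interface
    "090400000208065000"       # interface 0: mass storage (class 0x08)
    "07058102000200"           # bulk IN endpoint
    "07050202000200")          # bulk OUT endpoint
KEYBOARD_STICK = bytes.fromhex(
    "090222000101008032"       # configuration header, 1 interface
    "090400000103010100"       # interface 0: HID, boot subclass, keyboard
    "092111010001223f00"       # HID class descriptor
    "0705810308000a")          # interrupt IN endpoint


def interfaces(blob: bytes):
    """Walk chained USB descriptors; yield (number, class, subclass, protocol)."""
    off = 0
    while off + 2 <= len(blob):
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {off}")
        if dtype == USB_DT_INTERFACE and length >= 9:
            num, _alt, _eps, cls, sub, proto, _istr = struct.unpack_from(
                "7B", blob, off + 2)
            yield num, cls, sub, proto
        off += length


def assess(blob: bytes, expected: str = "storage"):
    """Return findings for a device the user believes is of type `expected`."""
    findings = []
    for num, cls, _sub, proto in interfaces(blob):
        # Any HID interface is reported: a keyboard need not declare protocol 1.
        if cls == CLASS_HID and expected != "keyboard":
            kind = "keyboard" if proto == HID_PROTOCOL_KEYBOARD else "HID"
            findings.append(f"interface {num}: unexpected {kind} interface "
                            f"(class 0x03, protocol {proto:#04x})")
    return findings


if __name__ == "__main__":
    for name, blob in (("thumb drive", THUMB_DRIVE), ("mailed stick", KEYBOARD_STICK)):
        print(name, "->", assess(blob) or "no HID interface declared")
```

The check covers only what the device declares at enumeration, so it complements rather than replaces the command-shell monitoring described above.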
