Malware On A USB Stick Coming To A Mailbox Near You

February 2, 2024

The FBI issued a warning to be careful where you stick that USB stick. According to recent reports, the FBI is aware of a financially motivated group of cyber criminals who are sending out malware infected USB sticks in the mail or having them delivered by the United Parcel Service (UPS). Packages were sent to companies in the transportation and insurance areas at the end of 2021. Recently, the U.S. Defense industry was targeted. The FBI is urging recipients of USB sticks to avoid inserting the harmful drives into their IT devices.

The particular sticks they are concerned with contain BadUSB or Bad Beetle USB and are purported to be from organizations such as Amazon or the U.S. Department of Health and Human Services. The packaged that arrived in their reporting also contained a logo widely available for sale on the Internet-- LilyGo. The USB sticks are configured to register as a keyboard device after being plugged in to a device, making it seem like they are legitimate. This could allow the attacker the ability to execute commands on behalf of the logged-in user and install malware.

To really confuse the recipients of the packages, it was also reported to the FBI that the packages containing the malicious sticks also included COVID-19 guideline letters or fake gift cards with forged “thank you” notes.

According to Bleeping Computer, the groups end goal in these attacks is to gain access to networks and deploy ransomware such as BlackMatter and REvil ransomware into the system. They use familiar tools such as MetasploitCobalt StrikeCarbanak malware, the Griffon backdoor, and PowerShell scripts to do this.

Once again, this is a good reminder to back up your data to a separate drive. This not only applies to organizations, but also to the home users. Ransomware can hit anywhere, anyone, at any time and they do not discriminate. The requested $10,000 (or any other sum) is the same whether it’s from a business or from someone sitting at home. If your data is backed up, you can avoid having to pay ransom and restore from the backup.

Also, the best thing to do is avoid inserting that stick in the first place. Attacks like these are known as HID or USB drive-by attacks. They can only succeed if victims are willing to or are tricked into plugging these USB devices into their computers. If you aren’t expecting it, aren’t familiar with the sender, don’t use it. If you just don’t quite know what to do, that’s the time to ask for assistance from an IT professional.

Stickley on Security