USB drive viruses


















According to the FBI, a cybercrime group is mailing out physical USB drives in the hope that potential victims will connect them to their computers. The group also made sure to impersonate the U.S. Department of Health and Human Services. An infected USB drive can then spread the virus to other computers if the operating system on those machines has an AutoRun-type feature enabled.

The AutoRun function in Windows launches installers and other programs automatically when a flash drive or CD is inserted. The Mac has an equivalent function, according to Ollmann. For that reason, people should disable any AutoRun features and manually launch programs when using a flash drive, he said. A virus also can be embedded in what looks like a normal file on a USB device, so that even if AutoRun is disabled, the computer will become infected when the file is opened.

Thumb drives aren't the only culprits; any device that plugs into a USB port--including gadgets like lights, fans, speakers, toys, even a digital microscope--can be used to spread malware, Ollmann said. The devices can be infected during the manufacturing or supply chain process if quality control measures are not adequate, he said.

It is a good idea to always be wary of packages, especially if you are not expecting one. The cybercriminals have attempted to mimic legitimate institutions and companies to convince the unwitting to plug the USB drives into their devices. There were two different kinds of packages. The other package was supposedly a "thank you" gift from Amazon that included a counterfeit gift card.

Both packages contained the USB drives. The FBI has warned the US defense industry that a cybercrime group is mailing malicious flash drives to companies in an attempt to infect the target networks with malware. These parcels sometimes contained Covid letter guidelines, and other times counterfeit gift cards, or thank you notes.

Paired with these are flash drives with the LilyGO logo on them, which are relatively common online. The devices carry malware that, as soon as the drive is plugged in, registers as a Human Interface Device (HID) keyboard, allowing it to remain operational even after the drive is removed from the computer.

It then starts installing additional malware, with the end goal, according to the FBI, of installing one of the more popular ransomware strains.
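Because a drive that registers as an HID keyboard is not stopped by disabling AutoRun, one defensive check is to list every USB device that exposes a keyboard interface and compare it with an approved list. The following is an added example, not part of the original article; it assumes a Linux host, where the real tree is `/sys/bus/usb/devices`, and the device IDs, product names and allowlist are constructed sample values.

```python
import tempfile
from pathlib import Path

HID_CLASS, KEYBOARD_PROTOCOL = "03", "01"  # USB interface class / protocol codes

def _read(path):
    try:
        return path.read_text().strip()
    except OSError:
        return ""

def keyboard_devices(root):
    """Yield (vid:pid, product) for each USB device with a HID keyboard interface."""
    for dev in sorted(Path(root).iterdir()):
        if ":" in dev.name or not (dev / "idVendor").exists():
            continue  # skip interface entries and non-device nodes
        for iface in sorted(dev.glob(dev.name + ":*")):
            if (_read(iface / "bInterfaceClass") == HID_CLASS
                    and _read(iface / "bInterfaceProtocol") == KEYBOARD_PROTOCOL):
                ids = _read(dev / "idVendor") + ":" + _read(dev / "idProduct")
                yield ids, _read(dev / "product")
                break

def unexpected_keyboards(root, allowlist):
    """Return keyboards whose vendor:product ID is not on the approved list."""
    return [(i, p) for i, p in keyboard_devices(root) if i not in allowlist]

def build_sample_tree(root):
    """Constructed sysfs-style tree: (device, vid, pid, product, class, protocol)."""
    sample = [
        ("1-1", "1111", "0001", "Office Keyboard", "03", "01"),
        ("1-2", "2222", "0002", "Flash Disk", "08", "50"),       # real mass storage
        ("1-3", "3333", "0003", "USB Flash Drive", "03", "01"),  # drive that types
    ]
    for dev, vid, pid, product, cls, proto in sample:
        iface = Path(root) / dev / f"{dev}:1.0"
        iface.mkdir(parents=True)
        for name, value in (("idVendor", vid), ("idProduct", pid), ("product", product)):
            (Path(root) / dev / name).write_text(value + "\n")
        (iface / "bInterfaceClass").write_text(cls + "\n")
        (iface / "bInterfaceProtocol").write_text(proto + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)  # on a real host, pass "/sys/bus/usb/devices" instead
        for ids, product in unexpected_keyboards(tmp, {"1111:0001"}):
            print(f"unapproved keyboard interface: {ids} ({product})")
```

The product string is supplied by the device itself and can be spoofed, so the allowlist comparison uses the vendor and product IDs and treats the name only as a hint for the analyst.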


