Hackers used snail-mail to send a letter with a USB drive containing malware to a hotel supply company in the US. A US hotel service provider was recently the target of an extremely rare BadUSB attack.
Hacker’s BadUSB attack method targets banks
The company was asked to plug the USB drive into a computer to access a list of usable gift cards.

But in reality, this USB drive is what security experts call “BadUSB”. The USB acts as a keyboard when connected to a computer, where it can simulate key presses to launch various automated attacks.
In a report published today, Trustwave says that once the BadUSB is plugged into a PC, it triggers a series of keystrokes that automatically launch a PowerShell command.
This PowerShell command downloaded other PowerShell scripts from a website and then installed malware on the victim’s PC, a JScript-based bot.
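The chain described above (a new keyboard appears, then a shell starts seconds later) can be hunted for by correlating device-attach and process-start events per host. The sketch below is an added example, not code from Trustwave or the original article; the log format, host names, device IDs, keyboard inventory and 30-second window are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the Trustwave report); the log format,
# host names and device IDs are assumptions made for this example.
SAMPLE_LOG = """\
2020-03-26T09:00:01 host=FRONTDESK-01 event=usb_attach class=keyboard device=kbd-known-01
2020-03-26T09:40:12 host=FRONTDESK-01 event=proc_start image=powershell.exe
2020-03-26T10:15:02 host=BACKOFFICE-07 event=usb_attach class=keyboard device=kbd-unknown-9f
2020-03-26T10:15:05 host=BACKOFFICE-07 event=proc_start image=powershell.exe
2020-03-26T10:15:30 host=BACKOFFICE-07 event=usb_attach class=storage device=stick-22
2020-03-26T11:02:00 host=FRONTDESK-01 event=usb_attach class=keyboard device=kbd-unknown-3c
2020-03-26T11:30:00 host=FRONTDESK-01 event=proc_start image=powershell.exe
"""

KNOWN_KEYBOARDS = {"kbd-known-01"}      # inventory of issued keyboards (assumed)
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
WINDOW = timedelta(seconds=30)          # attach-to-shell gap treated as suspicious


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed 'time' field."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["time"] = datetime.fromisoformat(ts)
    return event


def find_badusb_candidates(log_text):
    """Return (host, device, image, gap_seconds) for every shell started
    shortly after an un-inventoried keyboard was attached to the same host."""
    recent = {}  # host -> (attach time, device id) of the last unknown keyboard
    hits = []
    events = sorted(map(parse, log_text.splitlines()), key=lambda e: e["time"])
    for event in events:
        host = event["host"]
        if event["event"] == "usb_attach":
            if event["class"] == "keyboard" and event["device"] not in KNOWN_KEYBOARDS:
                recent[host] = (event["time"], event["device"])
        elif event["event"] == "proc_start" and event["image"].lower() in SHELLS:
            attached = recent.get(host)
            if attached and event["time"] - attached[0] <= WINDOW:
                gap = (event["time"] - attached[0]).total_seconds()
                hits.append((host, attached[1], event["image"], gap))
    return hits


if __name__ == "__main__":
    for hit in find_badusb_candidates(SAMPLE_LOG):
        print("possible keystroke injection:", hit)
```

Device identifiers can be set arbitrarily by such a device, so the timing correlation carries more weight than the inventory check.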
“At the time of our analysis, we did not find a similar type of malware,” said Phil Hay, senior research director at Trustwave.
“That malware was not known to us. It’s hard to say if it’s custom-built, but it’s probably because it can’t spread to other machines and seems to have been set up to be targeted,” added Phil Hay.
However, Trustwave researchers also say that, based on their initial analysis, a file similar to the malware was uploaded to VirusTotal, a web-based file scanning tool. According to analysis from researchers at Facebook and Kaspersky, this file is believed to be the work of a group of hackers called FIN7.
BadUSB attacks like these are rare in the real world. The first attacks were discovered in the early 2010s, and for years, employees were often warned about this type of attack.
“These types of attacks are often simulated in penetration testing and used as an exercise for Red Team,” Hay said.
The BadUSB attack was last detected in December 2018 by Kaspersky. That attack is called Bash Bunny.
At the time, the company said it had found BadUSB devices, along with cheap laptops and Raspberry Pis, located at eight banks in Eastern Europe. Banks called Kaspersky to investigate a series of mysterious robberies in which hackers stole tens of millions of dollars.
The lesson learned from this case is that when you see a strange USB drive, don’t plug it into your PC. It is best to go to an internet café and then plug in whatever you want.











