The US Federal Bureau of Investigation is warning that an infamous cybercrime group that is behind previous ransomware operations has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks.
These drives would execute a “BadUSB” attack where the USB drive would register itself as a keyboard instead and send a series of preconfigured automated keystrokes to the user’s PC, giving the hackers backdoor access using PowerShell commands. The hackers usually pretended to be from the US Department of Health & Human Services or from Amazon as a means to trick their ransomware targets.
Companies can defend against such attacks by allowing their employees to connect only USB devices based on their hardware ID or if they’re vetted by their security team.
Please make sure all employees know the origin of a USB thumb drive before inserting into a computer.