
BadUSB explained: How rogue USBs threaten your organization

In January 2022, the FBI issued a public warning over a USB attack campaign in which numerous USB drives, laced with malicious software, were sent to employees at organizations in the transportation, defense, and insurance sectors between August and November 2021. The USBs came with fake letters impersonating the Department of Health and Human Services and Amazon, sent via the U.S. Postal Service and UPS. The campaign has been dubbed “BadUSB,” and the FIN7 hacker organization has been named as the culprit. Here is what you need to know about BadUSB and mitigating the risks of this USB attack.

BadUSB definition

“The BadUSB attack provides the victim with what looks like a physical USB stick and a lure to plug it into the victim’s system, such as promising a gift card as a thank you or invoices that need to be processed,” explains Karl Sigler, senior security research manager at Trustwave SpiderLabs. His malware research team initially discovered the campaign in 2020 while examining a malicious thumb drive as part of a forensic investigation for a U.S. hospitality provider.

“The USB drive is actually configured as a USB keyboard, and the computer will identify it and configure it as such,” he tells CSO. “Once inserted, the USB keyboard will automatically start typing and will typically invoke a command shell and inject commands to download malware.”
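A stick that enumerates as a keyboard, as described above, is visible to defenders at the moment the operating system binds it. The following Python code is an added example, not part of the original article or of Trustwave's research: it scans Linux kernel log lines for HID keyboards whose vendor:product ID is not on an allowlist. It assumes the log line format of the Linux `hid-generic` driver; the log lines, device IDs, names and allowlist are constructed for illustration.

```python
import re

# Format of the kernel log line written by the Linux hid-generic driver
# when a HID device binds (assumed format; bus:vendor:product.instance).
HID_LINE = re.compile(
    r"hid-generic \w{4}:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\w+: "
    r"input(?:,\w+)*: USB HID v[\d.]+ (?P<kind>\w+) "
    r"\[(?P<name>[^\]]*)\] on (?P<port>\S+)"
)

# Constructed allowlist: vendor:product IDs of keyboards the organization issues.
KNOWN_KEYBOARDS = {"046d:c31c"}

# Constructed sample log: an issued keyboard, a mouse, and a device whose
# product string looks like a flash drive but which binds as a keyboard.
SAMPLE_LOG = [
    "[  812.440] hid-generic 0003:046D:C31C.0001: input,hidraw0: "
    "USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0",
    "[  812.951] hid-generic 0003:046D:C077.0002: input,hidraw1: "
    "USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-2/input0",
    "[ 1042.117] hid-generic 0003:1234:ABCD.0003: input,hidraw2: "
    "USB HID v1.10 Keyboard [Generic Flash Disk] on usb-0000:00:14.0-3/input0",
]


def unexpected_keyboards(log_lines, allowlist):
    """Return every HID keyboard seen in the log that is not on the allowlist."""
    findings = []
    for line in log_lines:
        m = HID_LINE.search(line)
        if not m or m["kind"] != "Keyboard":
            continue  # not a HID bind event, or not a keyboard
        dev_id = f"{m['vid']}:{m['pid']}".lower()
        if dev_id not in allowlist:
            findings.append({"id": dev_id, "name": m["name"], "port": m["port"]})
    return findings


if __name__ == "__main__":
    for hit in unexpected_keyboards(SAMPLE_LOG, KNOWN_KEYBOARDS):
        print(f"ALERT unexpected keyboard {hit['id']} "
              f"[{hit['name']}] on {hit['port']}")
```

An allowlist keyed on vendor:product ID only catches devices that do not copy a known ID, so it works best alongside a policy that blocks new input devices by default.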

Security threats posed by BadUSB

BadUSB, when successful, acts as an initial downloader for anything from credential grabbers to backdoors and ransomware, Sigler says. These types of attacks are often discussed among security professionals, but are not common. Given the rarity of the attack, it is likely effective in a lot of situations, he adds.

“This attack vector may be an attempt to exploit the work-from-home trend,” wrote Cybereason chief visionary officer and co-founder, Yossi Naar. “There are fewer guard rails and an increase in the likelihood a user will plug into a work computer or to their home network, to which their work computer is also connected.”

Naar also noted that some organizations or departments routinely employ USB thumb drives and people are therefore more likely to use a USB storage device without suspicion. “That would make this tactic more effective,” he continued, warning that once attackers have gained a foothold, they can escalate privileges or conduct reconnaissance from the inside.

Copyright © 2022 IDG Communications, Inc.
