I saw this and thought this is interesting enough to share, and to remind people that hacking is not always about ‘over the Internet’, email and attachments.
The FIN7 hacking group is distributing malware through the U.S. Postal service – sending users USB sticks in the mail. If users plug the stick in, it installs a backdoor on their computer. Some of the packages have included gift cards and teddy bears.
From https://www.bleepingcomputer.com/news/security/fbi-hackers-sending-malicious-usb-drives-and-teddy-bears-via-usps/ FBI: Hackers Sending Malicious USB Drives & Teddy Bears via
Packages have been seen appearing to have come from BestBuy with a loyalty reward in the form of a $50 gift card with the USB drive containing information on eligible products.
A reminder from Neely from SANS:
It remains imperative to not insert unknown or untrusted media in systems. Right now many users are working from home outside many of the normal corporate security controls, so increased attention to work-from-home security measures is appropriate. Also, while enabling controls which limit the insertion of removable media to approved devices only will help raise the bar, the current environment makes it attractive for the user to insert these into their personal devices, so be sure to include that scenario in your awareness training.
Daniel Weatherly
Director of Security Services
Mainstream Technologies Inc.
501-801-6706
