The FBI recently released a notice about cybercriminal group FIN7, according to a Bleeping Computer article, warning defense contractors to be wary of USB drives being sent through the mail. According to the notice, FIN7 is impersonating Amazon and the Department of Health & Human Services (depending on the target victim) in an effort to get them to plug in the USB drive.
The USB drives are “BadUSB” or “Bad Beetle USB” devices with the LilyGO logo, and are commonly available for sale on the Internet. The drives register with the victim computer as a keyboard and include a wealth of hacker tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts. The goal of these drives is to infect networks with either BlackMatter or REvil ransomware.
This is a real-world form of targeted attack that uses the same social engineering we commonly see in phishing attacks. Users who undergo continual security awareness training are already aware they should not be plugging in unknown USB drives – especially those sent unsolicited. These attacks could just as easily be turned into an access-for-sale attack, given the amount of control hackers have over the compromised endpoint. Be on guard.
Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites.
A new advisory warns of a scam that can affect literally anyone and is designed as a precursor to additional vishing scams and/or Gmail account takeovers. If you’re unfamiliar with Google Voice, it is a service where Google provides you with a virtual phone number so you can make and receive calls and texts. Assuming you are unfamiliar with it, you may be wondering what all the excitement is about.
In a new advisory entitled “Building a Digital Defense Against Google Voice Authentication Scams,” the FBI outlines a scam in which a threat actor responds to a personal ad (they use the example of selling a couch on Craigslist or some other site) and says they want to make sure you are legitimate, so they don’t get scammed, by sending you an authentication code from Google.
What’s really happening is the scammer is setting up Google Voice using your phone number as the primary number and using you to assist them with Google’s authentication process during setup.
Do you have a business continuity plan? Thanks to Omicron, many businesses may have no choice but to close down soon. But you can be prepared.
If in doubt, don’t give it out! (And don’t forget that no reply is often a good reply.)
The motto of the gang was “In Fraud We Trust”, and they went by a dizzying range of online nicknames.
The company has put out a brief security report that summarises the ‘what’, but not yet the ‘how’ or ‘why’.
China, Iraq, Egypt and others have already put a stop to it, but don’t assume those bans are the reason for Bitcoin and Ethereum’s latest nosedives.