Cybercriminal group mails malicious USB dongles to targeted companies>
CSO Online, from IDG, from IDG – Lucian Constantin
Security researchers have come across an attack where an USB dongle designed to surreptitiously behave like a keyboard was mailed to a company under the guise of a Best Buy gift card. This technique has been used by security professionals during physical penetration testing engagements in the past, but it has very rarely been observed in the wild. This time it’s a known sophisticated cybercriminal group who is likely behind it. The attack was analyzed and disclosed by security researchers from Trustwave SpiderLabs, who learned about it from the business associate of one of their team members. Ziv Mador, vice president for security research Trustwave SpiderLabs, tells CSO that a US company in the hospitality sector received the USB sometime in mid-February. The package contained an official-looking letter with Best Buy’s logo and other branding elements informing the recipient that they’ve received a $50 gift card for being a regular customer.
Link: https://www.csoonline.com/article/3534693/cybercriminal-group-mails-malicious-usb-dongles-to-targeted-companies.html?utm_source=Adestra&utm_medium=email&utm_content=Title%3A%20Cybercriminal%20group%20