Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

3/27/2020
04:00 PM
100%
0%

Malicious USB Drive Hides Behind Gift Card Lure

Victims are being enticed to insert an unknown USB drive into their computers.

Malicious actors are hoping the lure of a free gift card will be strong enough to convince people to throw caution to the wind and plug an unknown USB drive into their computers. The drive, which came attached to what purported to be a Best Buy gift card, supposedly contained a list of items for which the gift card could be used. What it actually contained was quite different.

According to researchers at Trustwave, the USB drive was actually an Arduino microcontroller ATMEGA32U4 programmed to emulate a USB keyboard. Since USB keyboards are trusted devices on most systems, malicious commands can easily be injected.

In this case, the malicious commands were a series of obfuscated PowerShell commands that ultimately uploaded full system configuration data to a command-and-control server and then awaited further instruction. The researchers warn that no unexpected USB drives should be inserted into production systems, no matter how large the gift card they're attached to.

Read more here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: " How to Evict Attackers Living Off Your Land."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2020 | 10:00:35 PM
Re: Good Ol Days
testers would scatter these around corporate parking lots and see who plugged them in. Yes. We actually did this myy previous company. Too many people plugged them in.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2020 | 9:59:20 PM
Re: Old fashion
However, you should never plug an unknown USB in without a hardware writeblock....ever. Agree with this as well. If you found a ISB drive not worth to plug in to your computer.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2020 | 9:58:13 PM
Re: Old fashion
They are smal and lightweight and much faster transfer times then cloud. Agree. Quick way to transfer your files to conferences. That is how I use them.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2020 | 9:56:54 PM
Re: Old fashion
These kind of articles are always attractive and I am happy to find so many good point here in the post, Agree. Helpful information as well.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
3/30/2020 | 9:55:33 PM
Re: Old fashion
I actually still use USB drives, just to keep some backups.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
3/30/2020 | 9:55:16 AM
Good Ol Days
Reminds me of the good ol' days when pen testers would scatter these around corporate parking lots and see who plugged them in. 

Not exactly identical but brings me back.
RyanSepe
100%
0%
RyanSepe,
User Rank: Ninja
3/30/2020 | 9:54:23 AM
Re: Old fashion
Yeah, now they are at the point where they can hold a TB of data. They are smal and lightweight and much faster transfer times then cloud. However, you should never plug an unknown USB in without a hardware writeblock....ever.
gamingdish
100%
0%
gamingdish,
User Rank: Apprentice
3/30/2020 | 8:24:24 AM
Re: Old fashion
These kind of articles are always attractive and I am happy to find so many good point here in the post, writing is simply great, thanks for sharing.
homemart
50%
50%
homemart,
User Rank: Apprentice
3/30/2020 | 1:37:44 AM
Re: Old fashion
I read your article it is very informative for me. 

 
raoshrishty
50%
50%
raoshrishty,
User Rank: Apprentice
3/28/2020 | 3:34:05 AM
Re: Old fashion
Why this are old fashoin? can you elaborate. 

Regard: Freefox Media
Page 1 / 2   >   >>
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/5/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Cybersecurity Spending Hits 'Temporary Pause' Amid Pandemic
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13890
PUBLISHED: 2020-06-06
The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.
CVE-2020-13889
PUBLISHED: 2020-06-06
showAlert() in the administration panel in Bludit 3.12.0 allows XSS.
CVE-2020-13881
PUBLISHED: 2020-06-06
In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used.
CVE-2020-13883
PUBLISHED: 2020-06-06
In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, and WSO2 IS as Key Manager 5.9.0 and earlier, Management Console allows XXE during addition or update of a Lifecycle.
CVE-2020-13871
PUBLISHED: 2020-06-06
SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late.