Sometimes, the best strategy is an old-fashioned one, and sadly some criminal elements might be using that nugget of wisdom to spread malicious software to unsuspecting victims. In Australia and the UK, there have been reports of USB thumb drives being delivered, most likely by hand, to physical mailboxes. And while these branded memory sticks look innocent, they are rarely so. The few that have been analyzed revealed to contain malware, ransomware even, designed to hold users’ data hostage for a price to be paid to hackers.
It is both an amusing and yet also worrying turn of events. As users become more wary of clicking on random links or suspicious emails, hackers and even government spies are left to look for new ways to con people into infecting their computers themselves. At the same time, it shows the boldness of these people in taking such risks.
And risk these operations are. Based on reports, the envelopes these USB come in are unmarked and unstamped, leading authorities to believe that the envelopes were delivered by hand, which runs the risk of the perpetrators being seen, even identified. Not to mention the possible physical forensic evidence left on these items. Still, the prospect of a payload, be it in cash (or bitcoins) or data, or both, seems to be reason enough for these people.
And unsurprisingly, there still some that do get duped eventually. Some play on the natural curiosity of humans. Other go for an outright lie, masquerading the USB sticks as offers from some subscription service or similar. Sadly, perhaps due to the fact that it’s a relatively novel strategy, targets let their guard down.
That said, the same advice that was given back in the days when computer viruses ran rampant inside hard drives, USB drives, and even floppy disks, still applies. Do not simply insert any external storage that comes from unverified or untrusted sources. Especially those that come in suspicious white envelopes.
SOURCE: New York Times