BAD USB: Attack on a SHUT DOWN Computer | Real Experiment

Sumsub
28 May 2023 11:16

Summary

TLDR: This video script narrates the alarming threat posed by 'BadUSB' devices, which can be disguised as everyday flash drives. The FBI has reported on such devices sent to various companies, containing malware from the notorious FIN7 hacking group. The video demonstrates how these devices, when plugged into a computer, can execute malicious code by acting as a keyboard to input commands. It also discusses the potential for remote control and the use of social engineering to trick victims. The script concludes with advice on prevention, including using whitelist software for USB devices and exercising caution when handling unfamiliar devices.

Takeaways

  • 🚨 The FBI has been receiving reports of malicious packages sent to companies in various sectors, including transportation, insurance, and defense, with two variants mimicking official communications and gifts.
  • 💡 The packages contain flash drives that are part of a hacking campaign by the group FIN7, known for their advanced encryption tools and dark web activities.
  • 🔍 The video demonstrates how such a flash drive can be used to infiltrate a system, showing the changes it makes when connected to a computer.
  • 🛡️ The video introduces 'Sumsub', a platform for online address verification, and discusses the importance of verifying addresses to prevent such attacks.
  • 🔑 The flash drive in question is a 'BadUSB' device, capable of acting as a keyboard and executing malicious code remotely.
  • 🔬 Upon connection, the BadUSB device opens an execution window and runs code from an attacker's server, indicating a hardware-based attack.
  • 🔒 The video emphasizes the need for caution, suggesting that only pre-approved devices should be connected to computers to prevent unauthorized access.
  • 🕵️‍♂️ Social engineering plays a key role in these attacks, with the flash drive often used as a decoy to trick victims into plugging it into their computers.
  • 💻 The video explains that even locked computers can be vulnerable to 'delayed RCE' attacks, where the BadUSB waits for the computer to be unlocked before executing malicious code.
  • 🔄 The cost of creating such devices is low, making them easily accessible and widespread, which poses a significant threat to cybersecurity.
  • 🛡️ The video concludes with advice on using whitelisting software and exercising common sense to protect against these types of attacks.

Q & A

  • What has the FBI been receiving reports about since August 2021?

    -The FBI has been receiving reports about several packages sent to US companies in transportation, insurance, and defense, which contained fake flash drives mimicking messages from the US HHS or Amazon gifts.

  • Which hack group was discovered to be behind the sent flash drives?

    -The hack group FIN7, known for their DarkSide and BlackMatter encryption tools, was discovered to be behind the flash drives.

  • What is the purpose of the fake flash drives as described in the video?

    -The fake flash drives are designed to execute malicious code on the connected computer, potentially giving the attackers remote access and control over the system.

  • What is the 'bad USB' mentioned in the script, and what can it do?

    -The 'bad USB' is a malicious device that appears as an ordinary flash drive but is capable of causing irreparable damage to data by executing harmful commands on the connected computer.

  • What is the significance of the Arduino Pro Micro board found inside the bad USB?

    -The Arduino Pro Micro board inside the bad USB is used as a microcontroller to execute the programmed malicious actions, such as acting as a keyboard to input commands or keystrokes.

  • How does the bad USB device bypass suspicion when plugged into a computer?

    -The bad USB device bypasses suspicion by mimicking a regular USB plug and using social engineering to make the package seem authentic, such as including convincing letters and fake gift cards.

  • What is the role of the keylogger in the bad USB attack?

    -The keylogger running on the computer records all keystrokes, which can later be used by the attacker to gain sensitive information or perform unauthorized actions.

  • What is the Sumsub platform, and how does it relate to the video script?

    -The Sumsub platform is an online address verification platform that helps prevent attacks by verifying the authenticity of addresses in various industries. It is mentioned in the script as a way to enhance security.

  • What is the 'delayed RCE' mentioned in the script, and how does it work?

    -Delayed RCE (Remote Code Execution) is a technique where the bad USB is programmed to send keystrokes at specific intervals, aiming to catch the moment when the computer is turned on and unlocked, allowing the attacker to gain access without immediate detection.

  • What are some of the methods to prevent bad USB attacks as suggested in the video?

    -Some methods to prevent bad USB attacks include using specialized software to allow only pre-approved devices, implementing a whitelist of USB devices based on their unique vendor and product IDs, and exercising caution by not inserting unfamiliar devices into computers.

  • What is the final recommendation for users to protect themselves from bad USB attacks?

    -The final recommendation is to use common sense and caution, only plug in devices from trusted sources, and use safe, clean computers without important data or internet access for testing suspicious devices.
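
The vendor/product ID whitelist described in the prevention answers above, sketched as an added example (not code from the video or from Sumsub). Because VID and PID are values a device reports about itself, the check also compares the interface classes each approved ID is expected to expose; the policy table, IDs and inventory are constructed placeholders.

```python
from dataclasses import dataclass

HID, MASS_STORAGE = 0x03, 0x08   # USB bInterfaceClass codes
CDC_COMM, CDC_DATA = 0x02, 0x0A  # serial-style classes common on dev boards

@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    label: str
    interface_classes: frozenset  # bInterfaceClass of every interface

# Hypothetical policy: approved (VID, PID) -> interface classes it may expose.
ALLOWLIST = {
    (0x1111, 0x0001): {HID},           # issued keyboard
    (0x2222, 0x0002): {MASS_STORAGE},  # issued flash drive
}

def audit(dev):
    """Return policy findings for one device; an empty list means allowed."""
    allowed = ALLOWLIST.get((dev.vid, dev.pid))
    if allowed is None:
        findings = [f"{dev.vid:04x}:{dev.pid:04x} not on allowlist"]
        if HID in dev.interface_classes:
            # Any HID interface can deliver input: the BadUSB case.
            findings.append("unapproved device exposes an input (HID) interface")
        return findings
    # VID/PID are self-reported, so also check what the device claims to be.
    extra = sorted(dev.interface_classes - allowed)
    return [f"approved ID exposes unexpected class 0x{c:02x}" for c in extra]

# Constructed inventory (not from a real host).
INVENTORY = [
    UsbDevice(0x1111, 0x0001, "issued keyboard", frozenset({HID})),
    UsbDevice(0x2222, 0x0002, "issued flash drive", frozenset({MASS_STORAGE})),
    UsbDevice(0x3333, 0x0003, "mailed 'flash drive'",
              frozenset({CDC_COMM, CDC_DATA, HID})),
    UsbDevice(0x2222, 0x0002, "look-alike drive", frozenset({MASS_STORAGE, HID})),
]

def audit_all(devices=INVENTORY):
    """Map each device label to its list of findings."""
    return {d.label: audit(d) for d in devices}

if __name__ == "__main__":
    for label, findings in audit_all().items():
        verdict = "BLOCK: " + "; ".join(findings) if findings else "allow"
        print(f"{label:22} {verdict}")
```

The last inventory entry is the case an ID-only whitelist passes: an approved flash-drive ID that also presents an input interface.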
