Expert Comments

Expert On News: Bad USBs Sent To Best Buy Customers

Expert(s): Security Experts
Expert(s): Security Experts

A malicious USB device and letter was sent out that was in the guise of a gift card for Best Buy where users were thanked for being customers and the USB device supposedly had gifts customers could choose from up to $50.00. Instead, the USB contained a PowerShell code that installed a malicious JavaScript according to security researchers at Trustwave.

Experts Comments

Dot Your Expert Comments
Marc Gaffan
March 30, 2020
CEO
Hysolate

This is reminiscent of how phishing and some of the first ransomware attacks began - with physical mail.
This is reminiscent of how phishing and some of the first ransomware attacks began - with physical mail. People would receive CD-ROMs or floppy disks in the mail claiming to have some valuable information or program on them. As soon as they insert it into their computer, the malware that was actually on the disk would execute, just as with this USB. This is a healthy reminder that phishing is not just in email format and users certainly can't trust the devices that are out there. That's why the .....Read More
This is reminiscent of how phishing and some of the first ransomware attacks began - with physical mail. People would receive CD-ROMs or floppy disks in the mail claiming to have some valuable information or program on them. As soon as they insert it into their computer, the malware that was actually on the disk would execute, just as with this USB. This is a healthy reminder that phishing is not just in email format and users certainly can't trust the devices that are out there. That's why the whole concept of zero trust first came to light. It's important for organizations to continue cyber security awareness training while also implementing policies (such as restricting use of external media) and solutions (such as OS isolation platforms) that can prevent even accidental end user errors from causing significant damage.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Fake Netflix App Allows Hackers to Hijack WhatsApp

Hackers Pretend To Be Your Friend In The Latest WhatsApp...

Millions Of Brits Still Using Pet’s Names As Passwords Despite...

Advertised Sites May Appear Genuine On First Glance

Facebook Ran Ads For Malware-ridden ‘Clubhouse for PC’

Linkedin Data Of 500 Million Users Being Sold Online

Experts Comments On Identity Management Day – Tuesday 13th April

Experts Perspectives On Verizon Mobile Sec Index: WFH The New...

What The Govt Is Missing From Its Recent Cybersecurity Improvement...

Experts Insight On CISA Advisory Regarding Attackers Targeting SAP