Expert On News: Bad USBs Sent To Best Buy Customers

A malicious USB device and letter was sent out that was in the guise of a gift card for Best Buy where users were thanked for being customers and the USB device supposedly had gifts customers could choose from up to $50.00. Instead, the USB contained a PowerShell code that installed a malicious JavaScript according to security researchers at Trustwave.

Experts Comments

March 30, 2020
Marc Gaffan
CEO
Hysolate
This is reminiscent of how phishing and some of the first ransomware attacks began - with physical mail. People would receive CD-ROMs or floppy disks in the mail claiming to have some valuable information or program on them. As soon as they insert it into their computer, the malware that was actually on the disk would execute, just as with this USB. This is a healthy reminder that phishing is not just in email format and users certainly can't trust the devices that are out there. That's why the .....Read More
This is reminiscent of how phishing and some of the first ransomware attacks began - with physical mail. People would receive CD-ROMs or floppy disks in the mail claiming to have some valuable information or program on them. As soon as they insert it into their computer, the malware that was actually on the disk would execute, just as with this USB. This is a healthy reminder that phishing is not just in email format and users certainly can't trust the devices that are out there. That's why the whole concept of zero trust first came to light. It's important for organizations to continue cyber security awareness training while also implementing policies (such as restricting use of external media) and solutions (such as OS isolation platforms) that can prevent even accidental end user errors from causing significant damage.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.