Showing posts with label #USB. Show all posts
Showing posts with label #USB. Show all posts

Wednesday, October 18, 2023

Yet Another USB Cautionary Tale

Duped with a malicious USB...

Mr Burgess (ASIO Director General Mike Burgess) referenced an unnamed Australian company that found global success making a product "similar to a motion detector" before their sales suddenly dropped.

"A little while later, their product started being returned to the factory because they were broken," he said.

"When they opened their branded products, they discovered they weren't their branded products, because the components were inferior, they were exact knock-offs."

The problem was eventually traced to an international conference, where someone had offered to share information with one of the company's employees by plugging a USB into their laptop.

"That USB downloaded malware onto that laptop, which later on, when they were connected back to their corporate network, was used to steal their intellectual property," he said.

"That intellectual property was passed from the intelligence services to state-owned enterprise that mass-produced the goods and sold them on the market that undercut them." more

More USB Security Information...

 • USB – Hacked Charging Cables

• USB – Malicious Spy Cable Detector Instructions

• USB – General Memory Stick Warning

• USB – Malicious Cables

• USB – NSA Type Cable Bug – $6.74

Extra USB Spy News - Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data from APAC government entities by exploiting a particular type of secure USB drive, protected by hardware encryption to ensure the secure storage and transfer of data between computer systems," Kaspersky said in its APT trends report for Q3 2023. more

Thursday, April 13, 2023

The Mail Room Guy and the USB Spy Cable

Someone "lost" a USB charging cable. You found it. Lucky you? Maybe not...

USB spy cables look exactly like legitimate ones... exactly. 

In this example, the competition has paid an inside employee (the Mail Room guy) to drop a few cables around certain parts of the corporate headquarters. They didn't tell him why. And, he doesn't care. Why should he? He gets $50 per cable dropped.

Once plugged in, the cable takes control of your device. (cell phone, laptop, desktop, etc.) All your data becomes accessible. Next, pre-loaded penetration tools spring into action.

The connection can be used as a pivot point to attack other computers on the network. This is controlled remotely by the spy/hacker, via Wi-Fi to the internet, or via their nearby smartphone.

Once the hacker has infiltrated your network, more data can be extracted, viruses planted, or a ransomware attack staged. Obviously, this is dangerous in a business environment.

Recommendations:
• Mark your cables so if swapped you'll notice.
• Call us. We test USB cables as part of our debugging sweeps.
• If you use our services, we will give you a free test instrument so you can test new cables yourself.

Saturday, March 25, 2023

Journalist Plugs in Unknown USB Drive Mailed to Him

...it exploded in his face

Although these are just a few examples, they should be enough to preclude one from inserting a mysterious, unsolicited USB drive mailed to them into a computer. Unfortunately, one Ecuadorian journalist didn't get the memos. more

In case you missed our memo...

USB Memory Security Recommendations

  • Block ports with a mechanical port block lock.
  • Place security tape over that.
  • Create a “no USB sticks unless pre-approved” rule.
  • Warn employees that a gift USB stick could be a Trojan Horse gift.
  • Warn employees that one easy espionage tactic involves leaving a few USB sticks scattered in the company parking lot. The opposition knows that someone will pick one up and plug it in. The infection begins the second they plug it in.
  • Don’t let visitors stick you. Extend the “no USB sticks unless pre-approved” rule to them as well. Their sticks may be infected.

Trending… IBM Takes The USB Memory Security Lead

USB Memory Security - Thumbs Down“IBM has allegedly issued a worldwide ban against the the use of removable drives, including Flash, USB, and SD cards, to transfer data.

This new policy is being instituted to prevent confidential and sensitive information from being leaked due to misplaced or unsecured storage devices.

According to a report by The Register, IBM’s global chief Information security officer Shamla Naidoo issued an advisory stating that the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).” This advisory further stated that this policy is already in effect for some departments, but will be further enforced throughout the entire company.” more

Wednesday, November 30, 2022

Espionage Group Using USB Devices to Hack Targets

USB devices are being used to hack targets in Southeast Asia, according to a new report by cybersecurity firm Mandiant.

The use of USB devices as an initial access vector is unusual as they require some form of physical access — even if it is provided by an unwitting employee — to the target device.

Earlier this year the FBI warned that cybercriminals were sending malicious USB devices to American companies via the U.S. Postal Service with the aim of getting victims to plug them in and unwittingly compromise their networks...

The hackers behind it are concentrating on targets in the Philippines. The researchers assess the group has a China nexus, although it did not formally attribute the cyber espionage operation to a specific state-sponsored group. more

Tuesday, October 20, 2020

The Most Underrated Threat to Corporate Information Security

Sharp spike in internet sales of USB spy cables has corporate security and IT directors concerned. Murray Associates researched and developed a solution. 

• Malicious USB cables look exactly like the real thing.
• Some act as eavesdropping bugs.
• Some have GPS tracking capability.
• The worst ones… more  pdf

Wednesday, October 7, 2020

Apple T2 Security Chip Has Unfixable Flaw

Intel Macs that use Apple's T2 Security Chip are vulnerable to an exploit that could allow a hacker to circumvent disk encryption, firmware passwords and the whole T2 security verification chain, according to team of software jailbreakers.... 

On the plus side, however, it also means the vulnerability isn't persistent, so it requires a "hardware insert or other attached component such as a malicious USB-C cable" to work. more 

Malicious USB cables are the latest, and arguably the most insidious, threats on the corporate information security landscape. Every USB cable on premises, and those being used elsewhere by employees, needs to be vetted for authenticity. Security directors are enlisting the aid of technical counterespionage consultants to perform this task.

Sunday, September 20, 2020

How to Detect Malicious USB Cables

A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...

The worst malicious cables take control of a user’s cell phone, laptop, or desktop...

We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols.

 more

Can’t identify the bugged cable?
No worries. You can’t tell just by looking, even we can’t.

That’s why we put a small black mark on it.
It is Cable 3.