Australian Police warns of malware-laden USB drives left in letterboxes

The Police in the Australian State of Victoria issued a warning to the local population of malware-laden USB drives left in letterboxes.

USB drives are a privileged vector of attack, security experts have demonstrated that it is possible to hide malicious code in memory stick that could compromise almost every computer.

We are aware that found USB drives in a parking work could be exploited by attackers to deliver cyber threats, but the number of victims is still high due to the lack of awareness.

This summer, at Black Hat USA 2016, the security researcher Elie Bursztein demonstrated the dangers of found USB drive and explained how to create a realistic one.

The expert  dropped 297 USB drives on the University of Illinois Urbana-Champaign campus in six different locations, the devices were able to take over the PC of the unaware user that will find the key.

“Despite the dangers of hackers, viruses and other bad things, almost half of those who found one of our flash drives plugged it into a computer,” explained Bursztein.

Bursztein demonstrated that a smart attacker can camouflage a malicious USB drive outfitted with a Teensy development board that could be used to hack a target’s computer in a few seconds.

48 percent of USB drives were picked up by passers and plugged into a computer, and the unaware users also tried to open the file within.

This week the Police in the Australian State of Victoria issued a warning to the local population of malware-laden USB sticks left in letterboxes.

The authorities are asking residents in Pakenham to not trust un-marked USB sticks that appear in their letterboxes.

“The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices.”

“Upon inserting the USB drives into their computers victims have experienced fraudulent media streaming service offers, as well as other serious issues.” reads the warning.

“The USB drives are believed to be extremely harmful and members of the public are urged to avoid plugging them into their computers or other devices. Below is an image of USB drives similar to those believed to be involved in the scam.”

Unfortunately, similar attackers in the wild could use a similar technique to spread their malware, watch out USB drives left unattended in public places of during meetings and conferences.

At the time of the warning, only the suburb of Pakenham in Victoria’s capital Melbourne has experienced the malicious USB sticks drop, but we cannot underestimate the problem.

Let me remind you the attempted cyberespionage plot relied on USB drives planted in company parking of the Dutch chemical giant DSM in 2012.

The USB drives used in that case were containing a keylogger designed to exfiltrate sensitive data from the company.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW