Don’t insert USB drives from unknown sources, including if they’re addressed to you in the post.
A cybercrime group has been mailing out USB thumb-drives in the hopes that recipients will plug them into their PCs and thus install ransomware on their networks, according to the FBI. The USB drives contained so-called ‘BadUSB’ attacks and were sent in postal mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon. BadUSB exploits the USB standard’s versatility and allow an attacker to reprogram a USB drive to, for example, emulate a keyboard to create keystrokes and commands on a computer, install malware prior to the operating system booting, or to spoof a network card and redirect traffic.
