BadUSB

BadUSB is a computer security attack using USB devices that are programmed with malicious software. For example, USB flash drives can contain a programmable Intel 8051 microcontroller, which can be reprogrammed, turning a USB flash drive into a malicious device. This attack works by programming the fake USB flash drive to emulate a keyboard. Once plugged into a computer, the device is automatically recognized and allowed to interact with the computer, and can then initiate a series of keystrokes which open a command window and issue commands to download malware. The BadUSB attack was first revealed during a Black Hat talk in 2014 by Karsten Nohl, Sascha Krißler and Jakob Lell. Two months after the talk, other researchers published code that can be used to exploit the vulnerability. In 2017, version 1.0 of the USG dongle was released; it acts like a hardware firewall and is designed to prevent BadUSB-style attacks.
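
A defensive check for the keyboard emulation described above, as an added example that is not part of the original article: it parses a raw USB configuration descriptor and reports any interface class the device was not expected to expose, such as a keyboard on a flash drive. The descriptor bytes, function names and allow-list are constructed for illustration.

```python
"""Added example: flag keyboard (HID) interfaces in a USB configuration descriptor."""
import struct

USB_DT_INTERFACE = 0x04                      # bDescriptorType of an interface descriptor
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08   # USB-IF base class codes

def parse_interfaces(config: bytes):
    """Walk the descriptor chain and return (class, subclass, protocol) per interface."""
    interfaces, offset = [], 0
    while offset + 2 <= len(config):
        length, dtype = config[offset], config[offset + 1]
        if length < 2 or offset + length > len(config):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == USB_DT_INTERFACE:
            if length < 9:
                raise ValueError("short interface descriptor")
            interfaces.append(tuple(config[offset + 5:offset + 8]))
        offset += length
    return interfaces

def audit(config: bytes, expected_classes):
    """Return findings for interfaces outside the classes the device should expose."""
    findings = []
    for cls, sub, proto in parse_interfaces(config):
        if cls in expected_classes:
            continue
        if cls == CLASS_HID:
            # Boot-protocol keyboards declare subclass 1 / protocol 1; other HID
            # devices can still send keystrokes, so any unexpected HID is reported.
            kind = "HID boot keyboard" if (sub, proto) == (1, 1) else "HID"
            findings.append(f"unexpected {kind} interface")
        else:
            findings.append(f"unexpected interface class 0x{cls:02x}")
    return findings

def build_config(*interfaces):
    """Build a constructed configuration descriptor from (class, sub, proto) tuples."""
    body = b"".join(
        bytes([9, USB_DT_INTERFACE, n, 0, 0, c, s, p, 0])
        for n, (c, s, p) in enumerate(interfaces))
    return struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), len(interfaces), 1, 0, 0x80, 50) + body

# Constructed samples: a plain flash drive, and a "flash drive" that also declares a keyboard.
PLAIN_DRIVE = build_config((CLASS_MASS_STORAGE, 0x06, 0x50))
SUSPECT_DRIVE = build_config((CLASS_MASS_STORAGE, 0x06, 0x50), (CLASS_HID, 1, 1))

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN_DRIVE), ("suspect", SUSPECT_DRIVE)):
        print(name, audit(blob, {CLASS_MASS_STORAGE}))
```

On a live system the same bytes can be read from the operating system's USB descriptor view; the check only sees what the device declares at enumeration, so it complements rather than replaces port-control policy.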


Criminal usage

In March 2020, the FBI issued a warning that members of the FIN7 cybercrime group have been targeting companies in the retail, restaurant, and hotel industries with BadUSB attacks designed to deliver REvil or BlackMatter ransomware. Packages have been sent to employees in IT, executive management, and human resources departments. One intended target was sent a package in the mail which contained a fake gift card from Best Buy as well as a USB flash drive with a letter stating that the recipient should plug the drive into their computer to access a list of items that could be purchased with the gift card. When tested, the USB drive emulated a keyboard, and then initiated a series of keystrokes which opened a PowerShell window and issued commands to download malware to the test computer, and then contacted servers in Russia. In January 2022, the FBI issued another warning that members of FIN7 were targeting transportation and insurance companies (since August 2021), and defense companies (since November 2021), with BadUSB attacks designed to deliver REvil or BlackMatter ransomware. These targets were sent USB drives in packages claiming to be from Amazon or the United States Department of Health and Human Services, with letters talking about free gift cards or COVID-19 protocols that were purportedly further explained by information on the USB drive. As above, when plugged in, the USB drives emulate a keyboard, and then initiate a series of keystrokes which open a PowerShell window and issue commands to download malware.


Further reading

* "Can BadUSB be avoided by looking at the shapes and the controller model inside it?". Information Security Stack Exchange. https://security.stackexchange.com/questions/239972/can-badusb-be-avoided-by-looking-at-the-shapes-and-the-controller-model-inside-i. Accessed 2023-01-31.