
Threat Group Lures Victims with Teddy Bears

A threat group is using gift cards, sweet-faced teddy bears, and the United States Postal Service to carry out a new physical phishing campaign. 

The deceptive ruse has been identified as the work of FIN7, otherwise known as the Navigator Group and the Carbanak Group. 

Victims receive a new furry friend in their mailbox together with a gift card, a malicious USB drive, and a fake letter purporting to be from the customer relations department of Best Buy. The scam lures victims into plugging the bad drive into their computer with the promise of a freebie.

The letter states: "Best Buy company thanks you for being our regular customer for a long period of time, so we would like to send you a gift card in the amount of $50. You can spend it on any product from the list of items presented on a USB stick."

If the recipient inserts the flash drive into their computer, it infects their device with a JavaScript backdoor called GRIFFON.

After discovering the scam, the Federal Bureau of Investigation issued a flash alert to warn businesses.

“Recently, the cybercriminal group FIN7, known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS). The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles,” warned the FBI.

The USB device used by FIN7 is a commercially available tool known as a "BadUSB" or "Bad Beetle USB" device. Schemes that make use of such malicious USBs are known as "Bash Bunny" attacks. 

Sticking with the animal theme, similar attacks, which rely on the victim using a USB stick that is in reality a malicious USB keyboard preloaded with keystrokes, are called "Rubber Ducky" attacks.

According to MITRE, FIN7 is a financially motivated threat group that has primarily targeted the US retail, restaurant, and hospitality sectors since mid-2015, often using point-of-sale malware. In 2017, the group became known for sending stores and corporate offices a string of food poisoning complaints with malicious attachments in a threat campaign dubbed FINdigestion.
