Jeff Goldblum’s character Ian Malcom said in Jurassic Park, “Nature always finds a way.” So do criminals. They introduce a new virus strain that uses new-found weaknesses to breach networks and Cybersecurity reacts with new defenses, so they find another way.
Word of this scam has been circulating among the IT Support Los Angeles Community for some time. Most IT services providers are aware of it. If your IT support alerts you to any new style of threat – take it seriously.
There are two main tactics to a cyber-attack strategy:
1) The breach - getting in.
2) Once in, hiding or immediately crippling the system.
With a virus like Ransomware, the victim is aware of the breach as soon as it happens as their system is locked and their data encrypted. The lockout screen gives directions on how to pay the ransom in cryptocurrency in order to decrypt the data and unlock the system.
Some malware slithers its way in and quietly starts copying and sending out the victim’s data, and nobody is any the wiser.
But the real trick – and the one businesses and IT support most need to be ahead of is the initial breach – how they get in. Even the best Cybersecurity measures cannot stop an end-user from unwittingly allowing malware into the system.
Cyber Crooks still rely heavily on their most popular tactic: Phishing scams. They change-up and concoct better ruses to dupe end users into clicking a link or opening an attachment in a malicious email. But as people get wise to them and more companies institute a standardized Security Awareness Training regimen, they seek out other ways to get in.
Reputable and responsible IT support firms – especially Managed IT Services providers
The USB Flash Drive Scam
Documented as early as 2019, the flash drive scam started slowly and steadily picked steam as criminals perfected their deception. Originally targeting the defense, transportation, and insurance industries, the victim base has greatly expanded over the last two years.
A ‘FREE’ flash drive arrives in the US mail. It seems to come from a trusted source – early crooks posed as the Department of Health and Human Services (HHS) referencing guidelines for the COVID pandemic – which they provide in the USB drive, and online retailers like Amazon, where a forged ‘Thank You’ gift card was attached, with a flash drive containing either instructions on how to activate the card or a list of items that can be purchased with the card.
At this point, these malicious flash drives are coming from a lot of phony sources – any retailer, healthcare providers, and any one of a number of government agencies.
If you receive a flash drive you were not expecting, report it to your IT HelpDesk - DO NOT PLUG IT IN! As soon as the connection is made, the malware floods into your workstation and continues to the greater network. The method of discovering any viruses on a flash drive through plugging it in, opening ‘My Computer’, and right clicking on the flash drive icon to ‘Scan for Viruses’ is the worst possible thing to do in this case. That method is for examining well-used drives with a variety of downloaded data to see if you picked up any malware in your downloading.
We at IT Support LA encourage our clients to take advantage of our standing free offer to play ‘Cyber War Games’, which includes sending Phishing emails to the staff to see who clicks the link or attachment. Another ploy we have used is to have a flash drive dropped on the floor in a common area. Once plugged in, we get an alarm that identifies the workstation. That flash drive should have been given to management to be examined by the in-house IT support or the outsourced Managed IT Services provider – NOT plugged in to see what’s on it.
Frequently Asked Questions
Q: What is ransomware in simple words?
A: Simply put, it is malware that encrypts the victim’s data making it unusable to the victim, then demands a ransom for its decryption. Loss of data and the use of the network is devastating to any organization.
Q: How can you tell if an email is phishing?
A: Firstly: It doesn’t feel right.
You receive an email with a subject line like “I thought you’d get a laugh out of this.” Inside is a link or attachment supposedly promising hilarity. EXCEPT – it comes from a person who never sends you this type of thing.
Generic greetings: When somebody who knows your name calls you ‘Dear colleague’ or Dear valued customer’, the hair on the back of your neck should stand up.
Unlikely ‘stories’: Trust me – no Nigerian Prince with 100 million dollars in a frozen account is going to contact you and offer a healthy reward for sending him 5 thousand bucks to free his funds. Ain’t Gonna Happen.
Bad spelling and grammar: It seems strange, but crooks can’t spell – maybe English is not their first language.
Inexact address: If you think you received an email from IT Support LA, and the sender’s address is ‘[email protected]’. It seems silly, but we get about 4-5 calls a year from hardware or software vendors following up on a fraudulent purchase order. Easily identified by asking the vendor if there is only one P in ‘support’.
Seeks sensitive information: Any entity that asks you to verify your account number or password is highly suspect. The IRS is NOT going to email you to have you confirm your Social Security Number (SSN). EVER.
The FBI offers a fount of information on this subject HERE. Psst! Don’t give them your SSN either.
Q: What are malicious USB devices?
A: Thumb or flash drives are the USB vehicle of choice for malware. They are small, easy to deliver and can contain many different types of malware. The damage is done as soon as they are plugged in.
Q: What should security awareness training include?
A: For more information, please look at our IT Support LA page on the subject HERE.
Find out how well your Cybersecurity stands up:
IT Support LA offers a FREE, no-risk network and security assessment to all companies in the Greater Los Angeles area with a minimum of 10- computers and 1 server. No strings, no obligation.
Just fill out the form on this page or call us at:
818-805-0909