
Rare BadUSB Attack Detected in the Wild Against US Hospitality Provider (zdnet.com) 38

A US hospitality provider has recently been the target of an incredibly rare BadUSB attack, ZDNet has learned from cyber-security firm Trustwave. From a report: The attack happened after the company received an envelope containing a fake BestBuy gift card, along with a USB thumb drive. The receiving company was told to plug the USB thumb drive into a computer to access a list of items the gift card could be used for. But in reality, the USB thumb drive was what security experts call a "BadUSB" -- a USB thumb drive that actually functions as a keyboard when connected to a computer, where it emulates keypresses to launch various automated attacks.
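
A defender-side illustration of the behaviour described above, added here and not taken from the ZDNet or Trustwave reports: because the device enumerates as a keyboard, the Linux kernel logs a HID keyboard binding when it is plugged in, and that event can be checked against an allowlist. The log lines, the `1234:ABCD` device, the allowlist and the function names are constructed for the example.

```python
import re

# Constructed sample of Linux kernel log (dmesg) lines; the 1234:ABCD device
# and its product string are invented for this example.
SAMPLE_DMESG = """\
[    2.104511] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-2/input0
[    2.310872] hid-generic 0003:046D:C077.0002: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-3/input0
[ 5121.774203] usb 1-4: new full-speed USB device number 9 using xhci_hcd
[ 5121.903377] hid-generic 0003:1234:ABCD.0003: input,hidraw2: USB HID v1.10 Keyboard [Example Flash Disk] on usb-0000:00:14.0-4/input0
"""

# Line printed by the hid-generic driver when it binds a USB HID interface.
HID_LINE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+hid-generic\s+"
    r"(?P<bus>[0-9A-Fa-f]{4}):(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\w+:\s+"
    r".*?USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>.*?)\] on (?P<port>\S+)$"
)

# Hypothetical allowlist of keyboards issued by the organisation (vid:pid).
KNOWN_KEYBOARDS = {"046d:c31c"}


def find_unexpected_keyboards(dmesg_text, allowlist, boot_window=60.0):
    """Return one alert per HID keyboard whose vid:pid is not allowlisted."""
    alerts = []
    for line in dmesg_text.splitlines():
        m = HID_LINE.match(line)
        if not m or m["kind"] != "Keyboard":
            continue  # not a HID binding, or a mouse/other HID device
        dev_id = f"{m['vid']}:{m['pid']}".lower()
        if dev_id in allowlist:
            continue
        seconds = float(m["ts"])
        alerts.append({
            "id": dev_id,
            "name": m["name"],
            "port": m["port"],  # physical port path, to locate the device
            "seconds_since_boot": seconds,
            # A keyboard that appears long after boot was plugged in by someone.
            "hotplugged": seconds > boot_window,
        })
    return alerts


if __name__ == "__main__":
    for alert in find_unexpected_keyboards(SAMPLE_DMESG, KNOWN_KEYBOARDS):
        print(alert)
```

USB vendor and product IDs are self-reported by the device, so a match on the allowlist is not proof of a genuine keyboard; this is an alerting aid rather than a preventive control.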
  • In the old days (Score:3, Informative)

    by OrangeTide ( 124937 ) on Thursday March 26, 2020 @10:28AM (#59873686) Homepage Journal

    We'd call the front desk and trick the receptionist into typing commands in for us.

    While social engineering has come a long way technologically, there is a certain respect I have for people who don't need to use props for their con-art.

    • There is something to getting more done with less effort, props or not.

    • and the old trick the receptionist with fake bills in the mail as well.

    • We'd call up a manager and claim to be IT and that the password database had crashed. Because we know this guy needs his access now (he doesn't), we're going to call him up directly to reset his password first. Pro-active IT handling the big problem, right? What would he like his new password to be? Most often, same as the current one.

      OK sir, give me about 15 minutes and you should be able to log right back in. Have a great day.

    • Re: (Score:2, Insightful)

      Seriously, you and those replying to you all seem to be proud of yourselves. Fucking assholes.

      And yet, I'm the one who'll get modded down to hell for this post, by other fucking assholes like you.

    • by PPH ( 736903 )

      We'd call the front desk and trick the receptionist into typing commands in for us.

      Receptionist: "Just a moment sir while I load a fresh ribbon in the typewriter."

  • Boy, somebody sure had it in for that hospitality provider (whatever that is), didn't they?

    • Re:Motive? (Score:5, Interesting)

      by guruevi ( 827432 ) on Thursday March 26, 2020 @10:57AM (#59873776)

      This certainly isn't the first, it's just the first that for some reason someone reported on. I get virus-laden USB crap in the mail all the time.

      Typically from some company trying to sell me something and ordering a crap-ton of USB sticks from China which are nearly guaranteed to have a virus or something else on them that's auto-loading.

      I haven't personally had a BadUSB yet, but I know others have, once in a while a security company will do that as a stunt and it just opens up Notepad and types a message - doesn't work on a Linux VM though.

      • This certainly isn't the first, it's just the first that for some reason someone reported on. I get virus-laden USB crap in the mail all the time.

        Some virus laden USB stick is not the same as using BadUSB, an exploit that typically requires intimate knowledge of the target system in order to execute the attack.

        doesn't work on a Linux VM though.

        No. Neither does the USB stick because you haven't passed it through to the VM, which is precisely the first thing someone would do. After this, it'll work just fine in your Linux instance too.

      • What's funny is that there'll come the time these attacks target macOS. There may be a good chance such an attack would bring up a terminal, run curl and execute the payload.

        And I bet it would be trivial to have that run in your Linux VM too :)

  • WTF, is autorun still a thing in Windows?

  • I thought Windows was locked down these days?

    Arguably you could also attack a misconfigured Linux / Unix machine where someone put sudo / doas with no password globally.

    But you have to enable that on a sane distribution

    • Comment removed based on user account deletion
      • but then how will we get our Best Buy prizes?
        • by NFN_NLN ( 633283 )

          > but then how will we get our Best Buy prizes?

          1. Go to Best Buy
          2. Grab whatever you want
          3. Show the guy at the door your prize claim form / USB stick
          4. Profit

      • by PPH ( 736903 )

        How the fuck do you lock-down against a keyboard?

        Real operating systems don't grant regular users with the permissions needed to do damage to the OS or file resources owned by other users. The BadUSB script would have to know a user's password assuming that they have a properly configured suid, or the root password. Having a password prompt appear with no preceding action on the user's part should prompt sudden panic, terror and the urge to back out of whatever might have triggered that. Like pulling an unknown USB stick out and hitting it with a large ha

        • Real operating systems don't grant regular users with the permissions needed to do damage to the OS or file resources owned by other users.

          Malware does not need administrative privileges to exfiltrate or encrypt files in a user account.

          Having a password prompt appear with no preceding action on the user's part should prompt sudden panic

          The preceding action was to plug in the peripheral, which in the user's mind triggered a password prompt to install what is passed off as a driver for this peripheral.

      • by tepples ( 727027 )

        Locked down? How the fuck do you lock-down against a keyboard? You think any company is going to make it hard for a person to replace a broken (drink spilled on it, for example) keyboard?

        Do it like Microsoft with Xbox 360 and Xbox One controllers. Ignore all keyboards that fail to perform a challenge-response authentication.

  • For a while they have sold various forms of this tech - including custom logic hardware built into a USB thumbdrive. It works as a keyboard and uses easily workable script for customizing attacks. It's extremely effective and virtually unstoppable - however it requires physical access so whatever
  • The best part is the Gengar that shows up repeatedly in the "Source: Trustwave" chart. I wonder if they licensed him from Nintendo? Which Pokemon would be used to represent white hats?

  • ... MacBook Air users were lining up to obtain what might finally be a working keyboard for their laptops.

  • ... attempts to contact a server IP located in Moscow, Russia. Hosted by vdsina.ru.

    On a side note: Why isn't the 'US hospitality provider' identified? It wouldn't by any chance be a Trump hotel, would it?

    • It wouldn't by any chance be a Trump hotel, would it?

      Because these stories rarely ever identify the victim unless it moves their stock price. Don't let common sense get in the way of your conspiracy though, or get in the way of the delusion that any company is smarter than Trump's
