LEXINGTON PARK, Md. — Now that the holidays have wound down, you’ve received all your Amazon purchases and packages, right?

As we look forward to 2022, we start to recover from the expenses of the holidays, and BAM!

You receive a package from Amazon. 

Inside the box is a $500 Amazon gift card, a USB stick, and a letter that says something like, “We’re grateful for you being a loyal customer. We’ve sent you this $500 gift card, this USB stick contains a list of goods that you can choose from.”

We read this and think, “Holy cow, this is super nice of them.” Not thinking twice about it, we stick that USB stick into our computers, and BAM! Malware spreads like wildfire through all your files, gathering data and sending it to cybercriminals.

These USB devices also include malware that may contain a keystroke logger. What is a keystroke logger? Well, I’m glad you asked! 

This malware identifies the websites you visit and the username and password you use to log in, then sends them back to the cybercriminals. It is commonly used in attacks on financial services, banking, and credit cards. There may also be data extraction or data encryption malware to hold your information for ransom. Your information can then be sold on the dark web.

On January 19, the Joint Strike Fighter (JSF) program put out a warning about this to all defense contractors, including those at Patuxent River Naval Air Station.

Per JSF, these attacks are originating in Russia from a group called FIN7. JSF stated, “The enclosed USB is commercially available and known as a ‘BadUSB’ or ‘Bad Beetle USB.’ There is a ‘LilyGO’ logo typically found on the device that would help identify it. When plugged into a computer system, the USB device automatically injects a series of keystrokes in order to download and execute malware to compromise the user’s system and the company network.”

These cybercriminals also know that we are on to these USB sticks, and they are getting smarter. On January 16, the New York Post also published an article about red flags from Amazon look-alikes. These red flags include receipts sent to your email that look like they are from Amazon but are for things you did not purchase. A similar tactic is to send an email saying, “There was a problem with your item, click here to track your order.” And you know exactly what happens when you click that link! These cybercriminals are looking for your money or trying to buy things with your money.

So how can we protect our assets? Don’t insert those USB drives. Don’t click on those links. Remember to look at the full email address. In the US, if it’s not from @amazon.com, then it is NOT from Amazon.

There are many layers we can use to keep these crimes from succeeding, both before and even after a mistaken click or reading the wrong USB drive. You will want a filter in place to block bad emails before they get to you, and many layers of protection on your computer to prevent malware on a USB drive from running.

Antivirus and malware protection software is commonly installed by PC manufacturers before you buy the machine. This may make us feel safe because we “bought the subscription.” Still, a majority of the most common protection software packages offered in this way are not enough on their own to prevent this type of attack.

If you think you have received one of these emails, or mis-clicked on something, be sure to change the passwords for your Amazon accounts and reach out to an IT professional to check your system for risky software.

For more cyber security protection and information, contact Evolve Cyber Solutions. Evolve is a local, family-owned and operated Southern Maryland business located in Lexington Park. Their mission is to bring enterprise-grade, cyber-security-centered IT support services to local Southern Maryland businesses at an affordable cost, so we can all keep our families safe and promote the growth of an even stronger local private business community in the Tri-County area.



Evolve Cyber Solutions
