Known for cocaine smuggling and gang-related crimes, Ecuador faces a new threat type: USB letter bombs.
Recently, five different newsrooms had journalists receive letters with explosive devices lodged in what looked like standard USB drives (reference).
Appearing to be standard USB drives, the flash drive would detonate when plugged into a computer, causing explosions in the targeted newsrooms across Ecuador. As reported by the local TV channel, police, and the Associated Press, no one was hurt in the small explosion.
Malicious USB Drives
“Killer” flash drives follow a recent trend of criminals and terrorists using tech devices to deploy bombs. In this case, when the USB drive is plugged into a computer, it explodes which may cause serious injury via grenade-style shrapnel shreds.
Malicious devices are typically disguised to look like a standard device, prompting the recipient to detonate the device bomb in their computer unknowingly. There is rarely any clue the device has been tampered with until it explodes.
Signs of Malicious Devices or Messages
While it is nearly impossible to know if you receive a malicious device, the old phishing rules also ring true for devices.
4 Questions to Ask Before Plugging a USB Drive Into Your Computer
- Were you expecting a USB drive?
- Do you know who the sender is?
- If there is an accompanying message or letter, does it contain any errors or misplaced text?
- Did you confirm with the sender by phone that they mailed you a USB drive?
These attacks follow a similar pattern to email phishing attacks. Recipients should be aware of the “SLAM” method for preventing phishing attacks and ask the above four questions to reduce the prevalence of cyberattacks.
Trend: Criminals Turning to Tech Devices
According to Ecuador’s President Guillermo Lasso, the country has recently experienced increased violence due to competition between drug trafficking gangs competing for territory and control. The USB letter bombs mark a new strategy in the turf war across the country.
While it’s not likely you’ll be sent an explosive USB device in the US, there are lessons we can learn from this. Educating employees on the dangers of phishing and device attacks, recognizing the signs, and frequent reporting will help reduce risk to your organization.
A comprehensive cybersecurity plan should include employee education about attack risk and signs to help stop preventable attacks. If you are interested in talking with a member of the PK Tech team about establishing a better cybersecurity plan for your business, get in touch with us here.