Camaro Dragon APT Group Continues to Employ USB Devices as Initial Attack Vector



Apparently expanding efforts outside of Southeast Asian countries, this threat group’s known malware has shown up in a European healthcare facility, raising concerns for USB-based attacks.

You’d think that literally no one uses USB drives anymore, making them a very improbable attack vector. And yet, security researchers at Check Point have tracked the Camaro Dragon APT group for well over a year, finding instances of attacks throughout all of last year and into this year.

Their main payload, dubbed “WispRider,” has undergone enhancements during that time, now hosting a number of impressive features, including:

  • Backdoor access to the infected endpoint
  • Propagation via USB devices using the HopperTick launcher
  • DLL side-loading by exploiting security solution components
  • Bypassing the SmadAV antivirus (a solution popular in Southeast Asian countries)
  • Disguising malware folders as legitimate security vendor file locations

Simply put, Camaro Dragon’s attacks not only establish backdoor access on a compromised endpoint, but also spread themselves to newly connected removable drives – putting the use of USB thumb and external drives at risk of becoming an accomplice.

And with these attacks showing up in Europe, this APT group can no longer be considered a geo-specific threat.

We recommend blocking access to USB drives whenever possible (that is, wherever it is not required for a given role within the organization), along with security awareness training to educate users on the dangers of using unknown USB devices.


Free USB Security Test

On average 45% of your users will plug in USBs. Find out now what your users’ reactions are to unknown USBs, with KnowBe4's new Free USB Security Test. Download our special, "beaconized" file onto any USB drive. Then label the drive with something enticing and drop the drive at an on-site high-traffic area. If an employee picks it up, plugs it into their workstation and opens the file, it will "call home" and report the "fail" to your KnowBe4 console. And for Office documents, if the user also enables macros (!), additional data is tracked and geomapped.

How your free 7-day USB Security Test works:

  • Fill out the form, and immediately...
  • Download "beaconized" Word, Excel or PDF files
  • Copy to any USB Drive, label and drop it
  • Reports on opens and if macros were enabled
  • Takes just a few minutes to set up

Test Your Users

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/usb-security-test


