Hackers are nothing if not creative. When it comes to uncovering previously unknown vulnerabilities in Google products and services or earning big money from Microsoft bug bounty programs, that’s a good thing. Perhaps less so if zero-day vulnerabilities are being sought for sale to the Russian government, or those skills are being used for purely malicious purposes. We have all got used to reading about how best to mitigate the risk of hackers attacking your smartphone, or Windows computer, and hardware threats continue to evolve as recent reports of attackers using your GPU to steal your passwords prove. But now it would appear that your humble USB flash drive is in the hacking crosshairs. Here’s what you need to know about the flash drive data-stealing Goffee threat.
ForbesGmail And Microsoft 2FA Security Bypass — Take Action Now, Users ToldBy Davey Winder
Goffee Hackers Target USB Flash Drive Data
You probably haven’t heard of this particular threat actor before; I can’t say that I had to be honest, and I spent my entire life immersed in threat intelligence. Maybe it’s time to wake up and smell the Goffee.
This advanced persistent threat hacking group has been active since at least 2022, but it wasn’t until the second half of 2024 that threat intelligence experts, primarily in Russia, started to take it very seriously indeed. The reason is that Goffee was targeting strategic sectors in Russia, including government agencies, critical infrastructure such as energy providers, as well as media and telecoms. A new report from Kaspersky threat intelligence analysts has revealed how the Goffee hackers are targeting the data held on removable USB flash drives. Although these attacks are still, apparently, limited to Russian victims, the technology used could easily be aimed at anyone, anywhere. As such, it’s imperative to take note and take mitigating action.
ForbesWindows Users Given 24-Hour Warning As Attackers StrikeBy Davey Winder
MORE FOR YOU
Trump Issues Huge Fed Challenge—Sparking Stock Market Plunge As Gold And Bitcoin Price Soar
New Gmail Warning — Do Not Open This Email From Google
WWE WrestleMania 41 Results, Winners And Grades On Night 2
Flash Drive File Grabber Confirmed
Writing at Kaspersky’s threat research portal, Securelist, Kaspersky security researcher Oleg Kupreev confirmed that there are two components within the Goffee attack arsenal that are used specifically to target removable media. These are FlashFileGrabberOffline and FlashFileGrabber. OK, so maybe I should take it back about hackers being creative, at least when it comes to naming attack tools. The offline variant “searches removable media for files with specific extensions, and when found, copies them to the local disk,” Kupreev said. It does this by using a a number of newly created subdirectories in the TEMP folder, as well as a free.db file that is used to store metadata for those copied files. FlashFile Grabber, meanwhile, does much the same but adds functionality so as to be able to communicate with a server to which the stolen files are despatched.
To mitigate the flash drive data threat, you have to move up the attack chain and look to where fit all begins, and that’s with a phishing campaign. All the usual advice, therefore, when it comes to preventing phishing attacks needs to be taken into consideration. You might want to ensure that all removable flash drive data is securely encrypted.
ForbesAutomatic Password Hacking Machine Confirmed — Stop Using Passwords NowBy Davey Winder
