Employees are unknowingly inviting tech support impersonators into firms, says FBI
Summary
The FBI has reported that a threat group known by various names, including the Silent Ransom Group (SRG), is successfully gaining physical access to US law firms by impersonating IT support personnel. Once inside, they insert USB devices into victim computers to install malware or steal data, a tactic that has been used for decades but is now being effectively employed in person.
IFF Assessment
This article details a successful social engineering tactic used by threat actors to gain physical access to company networks, representing a significant risk to organizations.
Defender Context
Defenders should be aware of this evolving social engineering tactic, which combines physical impersonation with malware delivery via USB drives. This highlights the importance of robust physical security policies and employee training to recognize and report suspicious individuals, even those claiming to be IT support.