Fake IT Workers Are Hacking Offices In Person

TL;DR: A ransomware gang is sending fake IT workers into offices to steal data, according to a new warning from Google and the FBI. The attackers use USB drives and remote access tools to bypass digital security measures.
Key facts
- Category: Cybersecurity
- Impact: Critical
- Published:
- Source: TechCrunch
Full summary
Google and the FBI warn that a ransomware gang is sending fake IT workers into offices to physically steal company data.
Google and the FBI have issued a critical security alert about a ransomware group using a bold new tactic: physical infiltration. The gang, known as the Silent Ransom Group, sends operatives who pose as IT support staff to gain access to their targets' offices. According to the advisory, these impostors have successfully entered corporate environments, including law firms, by convincing employees they are there for legitimate maintenance or support tasks. Once inside, the attackers connect malicious USB drives to company computers or install remote access software. This allows them to bypass network security from within the trusted perimeter, exfiltrating sensitive data directly from the source. The strategy combines sophisticated social engineering with direct physical access, creating a blended threat that many organizations are not prepared to handle. It represents a significant evolution from purely digital ransomware attacks, which typically rely on phishing emails or software vulnerabilities to gain initial entry.
This development is a major concern for security teams and business leaders because it sidesteps many conventional cybersecurity defenses. Firewalls, email security gateways, and endpoint detection systems are designed to stop remote threats, but they offer little protection against an attacker who is physically present in the office and has been granted access to a workstation. The success of this method hinges on exploiting human trust and gaps in physical security protocols. It serves as a stark reminder that a company's security posture is not just about its digital infrastructure but also about its real-world procedures and employee awareness. Organizations must now re-evaluate their visitor verification processes, protocols for unscheduled IT support, and employee training on how to identify and report suspicious activity. The warning from federal law enforcement and a major tech company underscores the credibility and severity of this emerging threat, signaling that all businesses should review their defenses against both digital and physical intrusion.
⚡ Action needed
Review physical security protocols and employee training to prevent unauthorized access. Ensure all on-site IT support visits are verified through established channels before granting access to facilities or equipment.
Action checklist
1. Verify all unscheduled IT support visits with your internal IT department before granting access.
2. Implement a strict visitor check-in and escort policy for all non-employees.
3. Train employees to spot and report social engineering attempts, both online and in person.
4. Restrict USB port access on sensitive workstations where possible.
5. Review security camera footage and access logs regularly for suspicious activity.
Primary source: TechCrunch