USB drives have long been a convenient method for transferring data, whether that be sharing presentations, transporting or sending files and much more, but they also present a significant security risk that many people and businesses overlook. One of the most well-known of these types of threats is the 'USB Rubber Ducky.', this small USB device looks exactly like a regular USB flash drive but is far more sinister in its capabilities.
What is a USB Rubber Ducky?
The USB Rubber Ducky is a “keystroke injection tool” disguised as an off-the-shelf USB flash drive. However, the Rubber Ducky emulates a keyboard when plugged into a computer, it executes pre-programmed keystroke sequences at the fastest speeds possible to quickly perform actions and wreak havoc on your computer systems. These sequences can be malicious commands or scripts that compromise the security of the computer it is connected to, copy, and send data to external sources, grant admin controls and remote access to your computer or download further malicious data designed to spread throughout your network. The USB Rubber Duck has been developed by Hak5, an organisation specialising in cyber-security tools, the same company has also developed the “OMG Cable” which is designed as a similar tool, however, can be disguised as a non-descript USB cable that someone might plug into their computer to connect their phone. Whilst these tools can be used to perform simple benign tasks, such as quickly downloading and installing regular software a new user may need, it has gained significant notoriety among security researchers and hackers alike for its use to perform malicious actions.
How Does it Work?
Upon insertion into a USB port, the device identifies itself as a Human Interface Device (HID), much like a regular USB keyboard. This means it bypasses common anti-virus software as these are looking for malicious virus signatures and not malicious actions. Once recognised as a USB Device, it executes its payload, which is a set of instructions coded in a simplified programming language called 'Ducky Script.'. This payload can then easily perform a variety of tasks, including; installing malware, copying and sending sensitive information, downloading and installing remote access software, creating administrator permissions and much more, all within a matter of seconds.
The Risks to Businesses
The most concerning aspect of the USB Rubber Ducky, or the OMG Cable, are its innocuous appearance. Employees may find one lying around the office and, out of curiosity, need of a device, or an intent to find its owner, plug it into their workstations. Unwittingly, they would activate the malicious script, compromising both their personal data and potentially the entire corporate network.
Bypassing Security Protocols
Traditional security measures, such as anti-virus software, are often ineffective against such devices since they don’t recognise them as a threat. This makes these types of devices an attractive method for cyber criminals to exploit existing security gaps as part of a targeted attack.
Because the payload of these devices executes instantaneously upon plugging in the device, it leaves no window for detection or prevention by traditional methods. This makes it an ideal tool for quick, targeted attacks on a corporate network.
Data Theft and Manipulation
Through automated scripts, the USB Rubber Ducky and OMG Cable can easily copy, transfer, or manipulate data, log keystrokes (such as passwords), and even exfiltrate confidential data to a remote cloud storage location for the attacker to access, all while going undetected.
How can TwentyFour protect your business against these threats?
The USB Rubber Ducky serves as a cautionary tale about the seemingly benign elements in our environment that can pose a significant threat to business security. Awareness and preventive measures are the first lines of defence in mitigating the risks associated with such devices. However, Businesses must proactively educate their employees and update their security protocols to safeguard against such unassuming yet potent threats. Whilst Traditional Anti-Virus cannot detect these types of device-based threats, a solution can be found. Managed Endpoint Detection & Response can monitor your devices, including peripherals, for Unusual, Suspicious, or Malicious activity and block it in its tracks. You can also set advanced controls for devices such as keyboards, mice, cables, USB drives, external hard drives and so on, which can be connected to your devices and much more.
Contact us to find out more about Endpoint Detection & Response and take our Cyber Security Health Check to find out if your business is following the essential steps of a comprehensive, cost-effective, cyber security solution.