Written by How Ducks, Bunnies, and bad USB devices can attack I.T infrastructure and how to prevent it from happening.
Rubber Ducky
The USB Rubber ducky is a HID or human interface device that looks similar to a USB Pen drive however it acts like a keyboard and may be used to inject keystrokes into a computer system at speeds of up to 1000 words a minute, this is used to hack a system, steal victims essential and critical data by injecting a payload to the victim’s computer before they know what has happened.
The Bunny
The bash bunny is its big brother.
Bash Bunny is a Debian Linux computer with a USB interface not much bigger than a flash drive, designed specifically to execute payloads when plugged into a target computer. It can be used against Windows, MacOS, Linux, Unix, and Android computing devices basically anything with a USB port.
With this in mind, it’s easy to see that anyone can become a victim of cybercrime just from plugging in a dangerous USB device or leaving open or unprotected ports on your computer system including your servers.
Simple Solutions
• Staff training in risk awareness and the risks of using unknown USB devices and encourage or enforce the use of company equipment only.
• Turn off any non-essential USB ports so they don’t function when used.
• Restrict access control for all other ports with at least multi-factor authentication or password requirement.
• Secure Server Rooms, Ensure server rooms with secure access only by authorised personel whome are cleared to access keys, passes or other acess control. Entry should never be allowed to anyone without clearance even if escorted by a cleared member of staff, ensure that all outside contractors requiring access have been cleared prior to accessing the room while escorted by authorized personnel.
Adopt a strong standard operating procedure or SOP’s and ensure the team is well versed and signs a form to acknowledge they have read and understood the SOP’s.
If you would like to learn more please add a comment below and we will be glad to help where possible.