When you think of the rubber ducky, what memories flood your mind? The rubber ducky might be reminiscent of simpler times, but a new threat that is capable of launching malware payloads via USB stands to ruin these fond memories forever.
What is the Rubber Ducky Threat?
The rubber ducky is a device that is, on the surface, no different from a regular flash drive used to transfer files. You’re likely no stranger to them. While the cloud makes this technology somewhat obsolete, the USB flash drive industry (a $7+ billion industry, by the way) is still going strong, seeing a 7% growth year after year. Suffice it to say that there are plenty of USB drives still circulating.
Of course, the rubber ducky is more than just your typical flash drive, even if it looks just like one. When you plug it into a computer, it is recognized not as file storage, but as a device like a USB keyboard. This means that any attempts to stop it from transmitting data are bypassed. Once the device is plugged in, it’s game over. Any keystroke made while the device is open is trusted, meaning that hackers have several different options available to them.
What Kind of Threat is Today’s Rubber Ducky?
Any device which uses a USB dongle must be scrutinized if you want to preserve network security, and rubber ducky is no different. Specifically, this hardware is designed to overcome the challenges faced by previous iterations of the hardware. This device uses what’s called “DuckyScript” to issue demands to the target machine. Previous iterations were limited to writing keystroke sequences, but DuckyScript is much more powerful, allowing attackers to store variables, write functions, and use logic to attack their victims.
Rubber ducky can also determine which operating system the user is running, deploying code to strike at the specified operating system. Furthermore, it can keep its automated executions under wraps by placing delays in-between keystrokes. This convinces the computer that the user is indeed human. Perhaps the most dangerous feature of rubber ducky is its capacity to steal data by encoding it in binary, giving the attacker the ability to steal it.
How Do You Protect Yourself?
The best protection from any USB dongle attacks is to ensure that potentially harmful drives are kept off of your infrastructure in the first place. Make sure that your team knows not to trust random drives they might find lying around, whether in the office or out in the world. If there is any shadow of a doubt concerning a device, it should be reported to IT.
If you don’t have an internal IT department, however, we’d be happy to help you keep your infrastructure safe! All you have to do is contact us at (831) 758-3636 to learn more.