Beware of the Rubber Ducky!

If you happen to stumble upon a USB drive of any kind, DO NOT USE IT. It could easily be a hacker baiting you for what is known as a Rubber Ducky USB attack. Don’t be fooled by its name. This attack is more serious than it sounds. This innocent looking thumb drive packs a powerful payload of malicious malware to infect any device it is plugged into and wreak havoc.

Let’s say you or one of your employees is at a lunch break away from the office or jobsite and finds a memory stick left in a restaurant’s restroom and decides to keep it for themself. Or your coworkers may have a meet-up after work at a local bar and one of them finds a USB sitting on the bar. Their first instinct might be to bring it back and plug it into your field laptop, their PC at home or the one at the office to see what is on it. STOP!

How it Works

This seemingly innocent USB drive, or ones similar, has a secret micro SD slot to store keyloggers, ransomware, malicious URLs and other types of malware. Once plugged into a computer, it installs backdoors, exfiltrating documents or credential capturing software. It also has a secret keyboard chip that emulates keystroke injections which activates the payloads (malicious malware). This type of information results in capturing sensitive information, such as online banking login details and passwords on your online or local network accounts.

A Little History

The Rubber Ducky USB drive was first used by the U.S. and Israel intelligence agencies to infiltrate Iranian nuclear facilities. By getting the USB drives into the hands of their nuclear scientists, they would use them inside the facilities to distribute malware on the network systems. The malware would overwrite the nuclear centrifuge systems to damage their equipment while modifying their control systems to show everything was normal. This secret project was called Stuxnet, one of the world’s first major digital weapons.

How to protect yourself

It’s very simple, tell your entire team NOT to use any found USB drives. Cybercriminals leave these inconspicuous devices behind in popular places and/or high-traffic areas frequented by business professionals with the intent would-be victims will eventually bring them in to their company environment thereby giving the hackers a connection directly into their business network. It is important to note there are advanced network utilities that your IT team can utilize to add restrictions to your company devices to prevent these attacks from coming through USB ports. In addition, educating your team is a crucial piece of the cybersecurity puzzle.

Conclusion

If you are a business and want help with cybersecurity solutions for your SMB company, we can help meet your company’s unique demands. Connect with a Client Success Manager to schedule a time to discuss your needs and how we can meet them.