BSGTech Blog

BSGTech has been serving the Chicagoland area since 2009, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

The Hacker’s Rubber Ducky Should Frighten You

The Hacker’s Rubber Ducky Should Frighten You

When you think of the rubber ducky, what memories flood your mind? The rubber ducky might be reminiscent of simpler times, but a new threat that is capable of launching malware payloads via USB stands to ruin these fond memories forever.

What is the Rubber Ducky Threat?

The rubber ducky is a device that is, on the surface, no different from a regular flash drive used to transfer files. You’re likely no stranger to them. While the cloud makes this technology somewhat obsolete, the USB flash drive industry (a $7+ billion industry, by the way) is still going strong, seeing a 7% growth year after year. Suffice it to say that there are plenty of USB drives still circulating.

Of course, the rubber ducky is more than just your typical flash drive, even if it looks just like one. When you plug it into a computer, it is recognized not as file storage, but as a device like a USB keyboard. This means that any attempts to stop it from transmitting data are bypassed. Once the device is plugged in, it’s game over. Any keystroke made while the device is open is trusted, meaning that hackers have several different options available to them.

What Kind of Threat is Today’s Rubber Ducky?

Any device which uses a USB dongle must be scrutinized if you want to preserve network security, and rubber ducky is no different. Specifically, this hardware is designed to overcome the challenges faced by previous iterations of the hardware. This device uses what’s called “DuckyScript” to issue demands to the target machine. Previous iterations were limited to writing keystroke sequences, but DuckyScript is much more powerful, allowing attackers to store variables, write functions, and use logic to attack their victims.

Rubber ducky can also determine which operating system the user is running, deploying code to strike at the specified operating system. Furthermore, it can keep its automated executions under wraps by placing delays in-between keystrokes. This convinces the computer that the user is indeed human. Perhaps the most dangerous feature of rubber ducky is its capacity to steal data by encoding it in binary, giving the attacker the ability to steal it.

How Do You Protect Yourself?

The best protection from any USB dongle attacks is to ensure that potentially harmful drives are kept off of your infrastructure in the first place. Make sure that your team knows not to trust random drives they might find lying around, whether in the office or out in the world. If there is any shadow of a doubt concerning a device, it should be reported to IT.

If you don't have an internal IT department, however, we’d be happy to help you keep your infrastructure safe! All you have to do is contact us at (866) 546-1004 to learn more.

Which Search Engine Works Best? Part 1
No Matter How Strong Your Computer is, Magnets Are...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, 21 November 2024

Captcha Image

Mobile? Grab this Article

QR Code

Customer Login


News & Updates

BSGtech (formerly Business Solutions Group) is proud to announce the launch of our new website at www.bsgtech.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more infor...

Contact us

Learn more about what BSGtech can do for your business.

BSGtech
800 E. Business Center Dr.
Mt. Prospect, Illinois 60056

123 W Madison Street, Suite 1700
Chicago, Illinois 60602