In the dark work of hacking a “rubber ducky” is a tool that looks like any USB drive, which hackers can easily buy off the internet and then program to do almost anything on a computer, once inserted into the USB drive.
For example it could be programmed to:
- Disable the anti-virus software installed on a machine, so a predator could then follow up with a virus, or;
- Copy passwords and login information to access business networks, or;
- Change documents or any other sensitive information, or;
- Send an email from your account to any of your contacts.
As it looks like any other USB, there are multiple ways that a hacker could gain access to a computer, including:
- Placing the USB into an unlocked, unattended computer
- Leaving it somewhere with a label that sparks curiosity
- Sending it as a promotional gift
- Colleague to colleague sharing of USB files
This is one way cyber-criminals can target people within an organisation to steal business data. It is less recognised, and harder to contain than traditional “hacking”, which is targeted at exploiting weakness in technological defences.
The best defence against these sort of malicious attacks is to combine a robust threat protection and detection technologies with an engaging employee awareness and education program.
Both technological and human defences, detection and response programs have to be properly owned and governed to ensure longevity, as cyber-threats will only keep evolving, and business data and IP will only increase in value to you and to cyber-criminals.
We will be hosting an event in October, where three industry experts will provide a step-by-step guide to how your company can adopt best practices to help mitigate the risks associated with cyber-attacks, including rubber duckys. Please get in touch below if you are interested in attending.