Social EngineeringJan Kahmen3 min read

Awareness with a USB Rubber Ducky

Media dropping is a practiced social engineering method and simulates a randomly lost USB stick.

Table of content

What is a USB Robby Ducky ?

A USB Rubber Ducky is a device that looks like an ordinary USB flash drive, but is actually a small computer that can very quickly execute a pre-programmed series of commands on a computer. It is usually used to execute many commands on a computer in a short time without requiring user interaction.

What is this Used For?

USB Rubber Duckies are usually used as part of penetration testing in social engineering attacks to steal secret data or install software on a computer. They can also be used to access computer systems where there is no direct access.

Features

Rubber Duckies are equipped with various technical features, including a microcontroller, a USB interface, a memory chip, and a number of input and output port connectors. In addition, some models have special functions such as a text editor, a data logger and an automatic programming function.

The microSD card: this is a storage device where all user data is stored. Therefore, if you connect a device to the victim's system, data will be stolen.

The keyboard adapter uses a microSD card to send the payload data.
microSD-to-USB adapter: This is a simple plastic dongle used to connect the SD card to the device.

Mini "keypad" adapter: this is a silicon chip in which a microSD card is inserted. This is the main part and sends the keystrokes to the computer.

Use Cases - Media Dropping

Media dropping is a practiced social engineering method that has both digital and analog components and simulates a randomly lost USB stick. Specially placed USB sticks infected with threat software are used in this way to infiltrate companies. Most often, the malware consists of spyware. The trick is that these data carriers are deliberately placed - usually as part of tailgating operations - so that they are visible to employees. These can then find them and open them due to their curiosity, allowing the malware to get onto their computer. However, media dropping can also be referred to as baiting if it promises the finder that they will receive something with the media, such as the company's financial accounting.

Conclusion

USB Rubber Duckies are usually used as part of awareness training to steal secret data or install software on a computer. They are equipped with various technical features, including a microcontroller, a USB interface, a memory chip and a number of input and output port connectors. Media dropping is a social engineering method used to infiltrate companies by placing USB sticks with threat software in places where employees can find them.

Contact

Curious? Convinced? Interested?

Schedule a no-obligation initial consultation with one of our sales representatives. Use the following link to select an appointment: