Entire computer systems now also fit comfortably onto a practical USB flash drive. Recently, a minute computer measuring just 0.3 mm was developed for test purposes. Robots also keep getting tinier and are now barely larger than coins.

Miniature devices are not only practical, convenient and, most of all, portable, they can also be really rather dangerous in the end. The threat level is further intensified by the interaction of plug-and-play systems. You simply plug new hardware into the USB port and the devices are ready to use, or you can retrieve data via a USB flash drive. This is a big advantage for users as they do not have to worry about complex installation, but the process is fraught with security risks. This is because a USB flash drive can be used to bypass many security measures or even completely disable them.

Deceive and disguise

The threat is called “Bash Bunny”: hidden behind the IT device in the form of a USB flash drive is a small, portable and most importantly powerful Linux computer with a USB interface. It can be used to carry out attacks on Windows, Mac, Linux, Unix and Android systems.

The minicomputer looks like a conventional USB flash drive from the outside. On closer examination, you can see that it can be used to carry out extremely efficient and damaging attacks, to gain access to sensitive corporate data. Thanks to its quadcore CPU, Bash Bunny is extremely powerful. The small USB flash drive can do everything that normal Linux computers can, such as Python scripts or common Linux commands. When the inconspicuous USB flash drive is plugged in, Bash Bunny pretends to be a trustworthy media or network device, such as a keyboard. It even imitates keystrokes. The purpose of a Bash Bunny attack is to collect as much data as possible, and most importantly, to steal passwords and access data and save them to the integrated flash memory. The PC can then be accessed remotely, to open backdoors, download data and run programs.

Summary:

You do not always need processing power or botnets to launch attacks on a company. The threat can also come from a small and inconspicuous USB flash drive.