
Defending against weaponized hardware: Microsoft Defender ATP & Microsoft Intune to the rescue!

Physical security is an often-overlooked component of data and system security in the technology world. While frequently forgotten, it is no less critical than timely patches, appropriate identity protection, and application security. You can have the most hardened servers and network, but that doesn’t make the slightest difference if someone can gain direct access to a keyboard and mouse.

A popular hardware attack tool is the USB RubberDucky, a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and automatically accept its pre-programmed keystroke payloads. The lesser-known Cactus WHID takes this to the next level by adding a wireless access point that allows remote control of the hardware and keystrokes.

Bad actors will modify regular USB devices to hide their hardware in plain sight, making it hard to detect visually.


How can I defend against this weaponized hardware? Does Microsoft Defender ATP detect RubberDuckys? And what role can Microsoft Intune play in securing the endpoint? The dark button on the right-hand side of the screen will take you to the technical details.

How can I protect myself from these types of attacks?

Weaponized hardware is a real threat, and a common one in social engineering and supply chain attacks. Implementing endpoint security is a key task to protect yourself from these types of attacks.

Wortell can help design and implement Microsoft Defender ATP and other (workplace) security measures. We also provide it as a service through our Managed Microsoft 365 offering. Contact us for more information.

— Maarten Goet, MVP & RD