Deceive and disguise
The threat is called “Bash Bunny”: hidden behind the IT device in the form of a USB flash drive is a small, portable and most importantly powerful Linux computer with a USB interface. It can be used to carry out attacks on Windows, Mac, Linux, Unix and Android systems.
The minicomputer looks like a conventional USB flash drive from the outside. On closer examination, you can see that it can be used to carry out extremely efficient and damaging attacks, to gain access to sensitive corporate data. Thanks to its quadcore CPU, Bash Bunny is extremely powerful. The small USB flash drive can do everything that normal Linux computers can, such as Python scripts or common Linux commands. When the inconspicuous USB flash drive is plugged in, Bash Bunny pretends to be a trustworthy media or network device, such as a keyboard. It even imitates keystrokes. The purpose of a Bash Bunny attack is to collect as much data as possible, and most importantly, to steal passwords and access data and save them to the integrated flash memory. The PC can then be accessed remotely, to open backdoors, download data and run programs.