At a recent networking event, hosted by BNI Liberty Southampton, Chris Dewey delivered a detailed presentation and live demonstration providing insights into the ease with which a cyber breach can occur. He also gave information on practical defences against increasingly sophisticated cyber threats, showing how Net Primates cybersecurity measures can help to thwart attacks. By the end of the session it was clear to all in the room how vital advanced security measures are and how Net Primates can help build those vital cyber barriers. 

The risks of USB devices 

A significant portion of the presentation centred on the inherent risks associated with USB devices. To emphasise this point, two ‘Rubber Ducky’ USBs from HAK5, LLC were used. These devices are engineered to mimic human keystrokes and execute malicious scripts automatically when plugged into a computer. For the demonstration, a computer that was only minimally protected and equipped with user-level admin access was utilised. 

One of the USB devices executed a script that successfully disabled Windows Defender, demonstrating a significant vulnerability. Another script went a step further by extracting passwords, audibly reading them out, and then displaying them as wallpaper. This starkly showcased the potential for data theft and system manipulation through seemingly innocuous devices. 

Demonstrating advanced cybersecurity measures 

To showcase the effectiveness of robust cybersecurity solutions, the same USB devices were then used on a computer securely configured with the Net Primates’ Cyber Security Suite. The suite’s protective measures effectively thwarted the attacks. One attempt to disable Windows Defender was blocked due to restricted admin privileges, highlighting the importance of proper user privilege settings. Another attempt to execute a PowerShell script via the internet was stopped by ThreatLocker, an integral component of the suite, which prevented the script from accessing the internet without approval. 

The case for zero trust security 

These demonstrations underscored that basic antivirus solutions are no longer sufficient against complex cyberattacks. The discourse at the event leaned heavily towards advocating for a zero trust security model, where all access requests, whether from inside or outside the network, must be verified before access is granted. This approach ensures higher security for systems and sensitive information by operating on a principle of ‘never trust, always verify’. 

This case study from the networking event makes a compelling argument for businesses to advance their cybersecurity protocols and consider zero trust as a foundational strategy. As cyber threats continue to evolve, only those prepared with advanced, proactive security measures will give themselves the best chance of protecting against a cyberattack. 

Are you prepared? 

If you are concerned that your cybersecurity is not as strong as it should be, or would like to receive a demonstration of your own, get in touch. We’ll be happy to evaluate your systems to determine if there are areas of vulnerability. You can also watch an attack in progress if this will help you to understand the threats that we all face.