Enterprise hybrid cloud usage is growing. With it comes a larger and more porous attack surface for cyber threats. However, workplaces must also be wary of an often-overlooked mail security issue that threatens digital infrastructure, shares Will Plummer, chief security officer at RaySecur.Â
Many believe that in 2022 we will see the first â€œphygitalâ€ catastrophe, a cyberattack with physical ramifications, causing a mission-critical application to go down and creating a ripple impact across businesses and consumers worldwide. There are early signs that cybercriminals are increasingly leveraging gaps in physical security to attack digital infrastructure while most resources go to improving cyber protection. Risk managers and CISOs must be aware of how this is happening and how to mitigate these threats.Â
The Growing Threat in 2022
Russia’s invasion of Ukraine has elevated global political tension while domestic issues continue to intensify amidst COVID-19 vaccine mandates and other forms of social discord. Division always increases physical and cybersecurity risks. In addition, more technological dependency in nearly every industry creates further incentive to target a workplaces’ digital infrastructure for a massive and lasting impact. This is especially true as many companies shift to hybrid cloud environments, which further incentivizes cybercriminals with more rewards for their efforts since successfully hacking one company can also provide access to other data center tenants.
Although any organization can suffer a phygital attack, critical infrastructure sectors are at higher risk. The Cyber Security and Infrastructure Security Agency (CISA) includes 16 industries in this category, such as manufacturing, government facilities, and IT. One such incident was the Colonial Pipeline ransomware attack last year. Hackers didn’t need to shut down the pipeline to be effective, just to cause disruption. Attacking the billing department shut down the operation and pushed the company to pay the ransom within several hours. That doesn’t even account for the cost of analysis and remediation.
General technological innovation has also created more methods and opportunities to hack a network and, in some cases, resurfaced older methods in new ways. An example of this is warshipping. It’s a trojan horse-style attack named by IBMOpens a new window during Black Hat USA in 2019, where bad actors employ physical devices to attack digital infrastructure. This method has been used for corporate espionage as well as sabotage.Â
How Does Warshipping Work?
Warshipping is a dangerous threat that relies on gaps in physical security, particularly mail, to gain direct access to a network. People are generally not on high alert with mail. It tends to naturally migrate to sensitive areas of an organization without resistance, such as the billing department, where bad actors can execute their attack. Hacking a network with direct access can be a lot easier than remotely. Smaller devices and long-life batteries open more warshipping opportunities.Â
There are two main methods for this kind of attack:
The first is to ship a small device such as a Raspberry Pi rigged with a Wi-Fi card, cellular modem, GPS receiver, and a battery. It can be loaded with open-source Kismet, a console-based wireless network detector, sniffer, and intrusion detection software that can be used for benign purposes but can also search and infiltrate Wi-Fi networks. The Raspberry Pi is a small circuit board, the size of a business card, that can fit between two layers of cardboard or be hidden in seemingly innocuous items like gifts or marketing swag. Having the package inside your facility is enough for the device to start compromising your network.Â
The second and most recently reported method is shipping a USB device rigged with malware. This January, the FBI warnedOpens a new window of unsolicited thumb drives sent by mail that can attack networks when plugged in.
Warshipping is not identified or reported as routinely as cyberattacks, meaning it often takes a backseat to other security concerns.
How to Protect the Workplace
Luckily, CISOs and risk managers can take measures to prevent a phygital attack like warshipping. Here are some tips:
- Educate your workforce on these kinds of threats. Human error is historically a leading cause of breaches.
- Process all mail immediately. The longer mail items sit in a facility before being screened, the more time the warshipping device can access the network. Companies are at greater risk during COVID-19, where temporarily vacant offices are piling up mail. Similarly, items sent to employees on extended leave (travel, working remotely, maternity leave, etc.) pose a higher risk as they can sit unopened for weeks or months, like a Trojan horse.Â
- Scan mail items for potential threats and remove and discard packaging from the facility once opened.
- A metal detector in the mailroom can identify threats but takes up a lot of space and will lead to many false positives.Â
- Innovative mail screening technology such as mmWave scanners provide scalable, safe, and greater visibility into more minor threats in a workplace than the standard X-ray screeners.
- Network security systems, such as intrusion detection, can monitor a network or systems for malicious activity or policy violations.
Warshipping and other phygital attacks are glaring threats aggravated by the pandemic and a remote workforce. It has never been more critical to protect digital infrastructure as we rely on it more each passing year. CISOs and risk managers can further mitigate the chances of falling victim to these attacks by defending networks with proper cyber and physical security.
What strategies do you have in place to protect against phygital attacks? Tell us about it onÂ LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We’d love to learn from you!