What is Warshipping?
Warshipping is a term coined by IBM in 2019. It is the use of a physical device to attack a digital infrastructure.
When we talk about cybersecurity, our focus is largely directed toward internet and internal network security risk management. This leaves physical security gaps frequently overlooked. Hackers have uncovered increased opportunities created by our hybrid workplaces and cloud environments. Old low-tech methods are easy for them to deploy.
How Does Warshipping Work?
This is where our physical mail becomes an unsuspecting player in a security attack.
In one example, bad actors mail a small device called a Raspberry Pi in a harmless-appearing envelope.
The Raspberry Pi is a small circuit board equipped with a Wi-Fi card, cellular modem, battery, and GPS receiver. Open-source network detection software called Kismet is loaded onto this circuit board. Kismet is able to quietly sniff and detect network traffic. These are all the tools needed to infiltrate your company’s infrastructure.
The Raspberry Pi is the size of a business card and fits conveniently between two pieces of cardboard. Imagine how easy it is to mail this as a marketing promotional piece. Who doesn’t love a free tech gift to show to everyone in the office?
Once inside your physical building, the Raspberry Pi has access to the entire network. The mail does not need to be opened for the device to get to work.
Another popular tactic used by bad actors is mailing a USB device as a promotional gimmick. Once plugged into a desktop or laptop, the software loaded on the USB device quickly infiltrates the company’s network.
5 Precautions You Should Take
Open all mail as soon as it is received. With work from anywhere becoming the norm, mail can often be left unopened for days. Make sure there is someone in your company – even if you are a company of one – to regularly open mail.
Inspect all packaging carefully. With a device the size of a business card, it is easy to overlook. Open all packaging carefully and promptly dispose of all materials.
Never plug an unknown USB drive into a device. We go one step further. We recommend that USB drives be disabled on all company devices. This hardware control can be implemented as a company policy by your network administrator.
Remember that attacks often go undetected for months if not longer. Risk management is a long game. Make sure you have the right tools, skills, and a continuously educated workforce.
Implement advanced network security services. Virus detection software is important, but it alone is no longer adequate. You need real-time intrusion detection and prevention services that continuously scan for new threats.
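An added example, not part of the original article: one way to act on the last precaution is to compare DHCP leases against an asset inventory, so a mailed-in device that joins the network shows up as an unknown MAC address. It assumes dnsmasq-style lease lines; the sample leases, the inventory, and the function names are constructed for illustration.

```python
"""Flag DHCP leases held by devices that are missing from the asset inventory."""
# Constructed sample data: dnsmasq-style lease lines
# (expiry epoch, MAC, IP, hostname, client-id) and a two-entry inventory.
SAMPLE_LEASES = """\
1767225600 3c:52:82:aa:10:01 10.0.20.11 front-desk-pc 01:3c:52:82:aa:10:01
1767225600 b8:27:eb:4f:9a:c2 10.0.20.57 * *
1767225600 a4:83:e7:bb:20:02 10.0.20.12 mailroom-laptop 01:a4:83:e7:bb:20:02
1767225600 02:1a:2b:3c:4d:5e 10.0.20.58 * *
malformed line
"""
KNOWN_MACS = {"3c:52:82:aa:10:01", "a4:83:e7:bb:20:02"}
# OUI prefixes registered to Raspberry Pi. A match only raises the priority
# of an alert; the inventory check is what actually flags the device.
PI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}


def normalize_mac(mac):
    """Return the lower-case, colon-separated form used for comparisons."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_leases(text):
    """Yield (mac, ip, hostname) per valid lease line; skip malformed lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            yield normalize_mac(fields[1]), fields[2], fields[3]
        except ValueError:
            continue


def find_unknown_devices(lease_text, known_macs, priority_ouis=PI_OUIS):
    """Return alerts for leases whose MAC is not in the inventory."""
    known = {normalize_mac(m) for m in known_macs}
    alerts = [
        {"mac": mac, "ip": ip, "hostname": host,
         "severity": "high" if mac[:8] in priority_ouis else "medium"}
        for mac, ip, host in parse_leases(lease_text) if mac not in known
    ]
    return sorted(alerts, key=lambda a: a["severity"] != "high")  # high first

if __name__ == "__main__":
    for alert in find_unknown_devices(SAMPLE_LEASES, KNOWN_MACS):
        print(alert)
```

MAC addresses can be changed and a device that only listens never requests a lease, so an empty result does not prove the building is clean; treat this as one signal alongside the physical mail checks above.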
What is Advanced Endpoint Security
The Essential Advanced Security Bundle for Your Company's Everyday Protection
DNS web content filtering
Proactive 24/7/365 SOC breach monitoring and support
Advanced endpoint security, the next generation anti-virus