To breach networks, hackers no longer need unsuspecting employees to play a role in the attacks. No need for phishing, spoofing, or downloadable malware. The latest trend involves sending pocket-sized, power-efficient, low-cost computers to organizations or individual victims in innocent-looking packages.
Disguised as regular e-commerce deliveries, these packages end up in the mailroom with all of the newly ordered office supplies, the furniture delivery, and the event merchandise.
A device delivered through this mailroom attack vector can listen for data packets transmitted over wireless systems. It “listens for a handshake – the process of authorizing a user to log onto the Wi-Fi network – then sends that scrambled data over the cellular network back to the attacker’s servers,” enabling the hackers to crack the hash and extract readable Wi-Fi login credentials.
Once in the network, hackers can sneak around, scooping up unsecured data and precious usernames and passwords that unlock high-value assets.
“…the attacker can be orchestrating their attack from the other side of the country,” reports one expert.
Through this method, evil twin attacks (rogue Wi-Fi access points that impersonate a legitimate network to harvest data) and credential theft could theoretically occur. As though those prospects aren’t sufficiently frightening, devices can also come with programming that can read badges, enabling hackers to replicate physical access credentials.
To thwart insidious threats, organizations can treat packages like visitors, screening them thoroughly as they arrive.
For more on unexpected threats, check out this Forbes article.
Bonus: Food for thought: Malicious devices can arrive through the mail, but clever hackers can also deploy them in other ways. A malicious person could saunter into a bank with one of these devices in his or her pocket, and then target the bank in a coordinated attack. Do you have the right safeguards in place?