IBM's ridiculously named X-Force Red have documented a new attack vector they've dubbed "Warshipping": they mailed a sub-$100 custom, wifi-enabled low-power PC with a cellular radio to their target's offices.
The device scans for visible wifi networks; once it senses a network associated with its target (indicating that it has arrived on the target company's premises), it alerts its controllers over the cellular radio, and then scans the local wifi for instance in which users' devices are initiating new connections to the network. It captures the handshake data from these connections, transmits them over the cellular network to its controllers, and they can then crack the password offline, send login credentials to the warshipping device, login to the target network, and attack the network from within.
“Warshipping has all the characteristics to become a stealthy, effective insider threat — it’s cheap, disposable, and slides right under a targets’ nose — all while the attacker can be orchestrating their attack from the other side of the country,” said Henderson. “With the volume of packages that flow through a mailroom daily — whether it be supplies, gifts or employees’ personal purchases — and in certain seasons those numbers soar dramatically, no one ever thinks to second guess what a package is doing here.”
The team isn’t releasing proof-of-concept code as to not help attackers, but uses the technique as part of its customer penetration testing services — which help companies discover weak spots in their security posture.
With warshipping, hackers ship their exploits directly to their target’s mail room [Zack Whittaker/Tech Crunch]
(via Super Punch)
Wired has published another long excerpt from Sandworm, reporter Andy Greenberg's (previously) forthcoming book on the advanced Russian hacking team who took the US-Israeli Stuxnet program to the next level, attacking Ukrainian power infrastructure, literally blowing up key components of the country's power grid by attacking the embedded code in their microcontrollers.
For decades, it was a commonplace in western business that no one could afford to ignore China: whatever problems a CEO might have with China's human rights record could never outweigh the profits to be had by targeting the growing Chinese middle-class.
A little over a year ago, Bloomberg stunned the world with a report that claimed that Chinese intelligence services had figured out how to put undetectable, rice-grain-sized hardware implants into servers headed for the biggest US cloud and enterprise IT firms, and that when some of the victims discovered this fact, they quietly ripped out […]
Do you own a Mac? Unless you’re using it for a paperweight, you almost can’t afford not to get the Magnificent Mac Bundle. It’s a roundup of some truly essential security and file management apps, bundled up with great photo and video enhancers. The best part is that all nine apps are potentially available for […]
As much as vaping has taken over the market during the last decade, there’s still a lot of questions about the technology, as well as health concerns that we’re just now finding out about. One thing you can say about smoking: You know exactly what you’re getting, especially when it comes to pipes that you […]
We can’t all go through life with just a pair of sneakers and flip-flops. Sometimes, you have to invest in a pair of high-quality dress shoes. However, you’ve probably discovered that high-end footwear almost always comes with eye-popping price tags. You’ve got to compromise on second-hand or just suck it up and take out a […]