It is so hard to keep up with the latest ways the bad guys try to infiltrate company data. One new technique is called warshipping, and its implementation is pretty simple and a little old school.
IBM X-Force Red investigated the technique to give its customers an idea of the newest threats to enterprise systems. The warshipping technique gets past the firewall, spam filter, and other tools that are placed on the perimeter of a company’s system, because it comes old-school—often in a package delivered to the lobby of your office. So you can have all the sophisticated tools that are available in the market, and this threat sneaks right in through the U.S. mail or via a package delivery company.
The intruder places a tiny, low-cost, low-power, “computer” (essentially a processor chip and a few other electronic components) in a package that is shipped to the company. The device is remote controlled and is powered by a telephone battery. The IBM researchers were able to manipulate the devices so they went off when not in use, and on when in use. They used an IoT modem to follow the devices in transit and to communicate with them when they were on.
The researchers were able to complete wireless scans while the devices were in transit and use GPS to confirm the devices reached their final destination. Once it was there, the researchers were able to use tools to try to get into the company’s system through the wireless connectivity, or implement an “evil twin attack,” which allows the intruder to set up a decoy Wi-Fi and steal credentials.
Using the warshipping technique, the IBM researchers were able to infiltrate company networks. And these are the good guys. They’re giving us information to combat these types of attacks, so the next step is to figure out how to detect these tiny devices in packages delivered to the office or mail room. Sounds like a great idea for an entrepreneur—to come up with a package monitoring system to combat warshipping.