What is Warshipping? Should I be concerned?


Most people have thought from time to time, when looking at attacks made by terrorists and people with malicious intent, that they could do a better job if they were so inclined. There are official think-tanks that ponder possible attack vectors, with the purpose of staying one step ahead, pre-empting and nullifying any emerging threats before someone carries them out with malicious intent.

The term warshipping came about as a result of IBM’s X-Force Red investigating potential methods by which hacking technology can be deployed in different environments. Warshipping came about from older hacking methods known as “wardialing” and “wardriving”, where cybercriminals infiltrate a network remotely. Wardialing is a method dating back to the days of dial-up internet. Wardriving is the act of looking for Wi-Fi networks to access (usually by driving around using a laptop or smartphone). IBM’s X-Force Red team posed the question: is it possible to place hacking technology into a parcel and use it as a means of accessing a supposedly secure network? This proof of concept was coined “warshipping”.

From this, the potential for vulnerabilities came into focus. What if…

IBM X-Force Red investigated how cybercriminals might exploit package deliveries to hack into corporate or personal home networks right from the office mailroom or even from someone’s front door. The target could potentially be the CEO’s home address, with the parcel sitting within range of their home Wi-Fi.

Using warshipping, X-Force Red was able to infiltrate corporate networks undetected. Their aim in doing so was to help educate their customers about security blind spots and modern ways adversaries can disrupt their business operations or steal sensitive data.

How are warshipping devices comprised?

Warshipping devices perform two functions. They need to be able to reach out to target networks within range, and they also need to be able to communicate back to those who are controlling them. Most warshipping devices are made up of a single-board computer (SBC) that can run on a basic cell phone battery. IBM used a command and control server to activate their device and GPS technology to establish its position en route to the target mailroom and recipient.

“Once we see that a warship device has arrived at the target’s front door, mailroom or loading dock, we are able to remotely control the system and run tools to either passively or actively attempt to attack the target’s wireless access” - Charles Henderson, Head of X-Force

Once in position, the warshipping device listens for packets that it can use to break into the victim’s systems, for example a handshake, the packet signalling used to establish a network connection. It transmits this information back to the attacker, enabling them to obtain the wireless password and Wi-Fi access, as well as to launch other active wireless attacks, such as a deauthentication attack or an “evil twin” Wi-Fi attack.

This enables the hackers to steal sensitive employee data, exfiltrate corporate data or harvest user credentials.
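The two active attacks named above leave traces a wireless sensor can flag. The following is an added example, not taken from the article or from IBM: it scans constructed sensor events for an unapproved access point advertising the corporate SSID and for bursts of deauthentication frames. The SSID, BSSIDs, event format and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumptions (not from the article): the corporate SSID, the approved
# access-point BSSIDs and the burst thresholds are invented for this example.
CORP_SSID = "CorpNet"
APPROVED_BSSIDS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
DEAUTH_THRESHOLD = 5      # frames aimed at one access point ...
DEAUTH_WINDOW = 10.0      # ... within this many seconds

# Constructed sample events, shaped like records a wireless sensor might emit.
EVENTS = [
    {"t": 0.0, "type": "beacon", "ssid": "CorpNet", "bssid": "aa:bb:cc:00:00:01"},
    {"t": 1.0, "type": "beacon", "ssid": "CorpNet", "bssid": "de:ad:be:ef:00:99"},
    {"t": 1.5, "type": "beacon", "ssid": "CoffeeShop", "bssid": "11:22:33:44:55:66"},
] + [
    {"t": 20.0 + i, "type": "deauth", "bssid": "aa:bb:cc:00:00:01"} for i in range(6)
] + [
    {"t": 100.0 + 30 * i, "type": "deauth", "bssid": "aa:bb:cc:00:00:02"} for i in range(6)
]

def find_evil_twins(events):
    """BSSIDs advertising the corporate SSID that are not approved APs.
    A twin that also clones an approved BSSID is outside this check."""
    return sorted({e["bssid"] for e in events
                   if e["type"] == "beacon" and e["ssid"] == CORP_SSID
                   and e["bssid"] not in APPROVED_BSSIDS})

def find_deauth_bursts(events):
    """Access points that saw >= DEAUTH_THRESHOLD deauths inside one window."""
    times = defaultdict(list)
    for e in events:
        if e["type"] == "deauth":
            times[e["bssid"]].append(e["t"])
    flagged = []
    for bssid, ts in times.items():
        ts.sort()
        start = 0
        for end in range(len(ts)):
            # Slide the window start forward until it spans DEAUTH_WINDOW or less.
            while ts[end] - ts[start] > DEAUTH_WINDOW:
                start += 1
            if end - start + 1 >= DEAUTH_THRESHOLD:
                flagged.append(bssid)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("Possible evil twins:", find_evil_twins(EVENTS))
    print("Deauth bursts against:", find_deauth_bursts(EVENTS))
```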

For those who are fortunate enough to have X-Ray technology in their mailroom, it’s important that X-Ray operators are familiar with warshipping. It’s fair to say that most operators will pay particular attention to items that appear to be connected with wiring and a power source, but many will dismiss warshipping devices as they won’t be accompanied by explosive material or initiators.

Slick warshipping attacks are often accompanied by a wardialing-type email campaign to identify workers within an organisation who are on leave. Warshipping packages will often be sent to employees who have indicated their absence in out-of-office messages.

As our respective IT infrastructures evolve, it is likely that your IT specialists have started to think about this as a possible attack vector. However, this also sits in the realm of physical security, and a joined-up approach is often needed where cyber and physical security managers come together.

Pitney Bowes offer comprehensive training to clients who choose to use X-Ray technology to screen mail. This training enables operators to understand how typical postal threats are comprised, and how to spot them under X-Ray.

For more information on warshipping, please feel free to drop me a line.


Reference


https://securityintelligence.com/posts/package-delivery-cybercriminals-at-your-doorstep/

Mark Burman GCGI

Field Service Engineer: 15+ years of experience in Electrical/Field Service Engineering and System Maintenance

1 year

Very interesting.. keep em coming Martyn..
