{"id":55365,"date":"2021-10-26T11:00:00","date_gmt":"2021-10-26T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=55365"},"modified":"2024-07-11T13:28:00","modified_gmt":"2024-07-11T17:28:00","slug":"mitigating-hardware-based-attacks","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/mitigating-hardware-based-attacks","title":{"rendered":"Mitigating Hardware-Based Attacks"},"content":{"rendered":"\n

It\u2019s Cybersecurity Awareness Month! In honor of the theme \u2014 Do Your Part. #BeCyberSmart \u2014 we\u2019re doing our part by educating IT teams and organizations on protecting themselves. Throughout October, the JumpCloud blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back in throughout the month for new cybersecurity content or <\/em>check out our archive of existing security articles<\/em><\/a> for cybersecurity insights written specifically for the IT professional.<\/em><\/p>\n\n\n\n


\n\n\n\n

It\u2019s Security Awareness Month and we\u2019d be remiss not to highlight the importance of mitigating hardware-based attacks. These attacks are becoming more commonplace, can bypass most authentication and endpoint security systems, and are challenging to trace. Attackers are adapting their modus operandi to leverage weaknesses in how operating systems manage hardware. The Postal Service, your employees, and even commercial products stacked on the shelves of big box stores are the latest and least understood avenues of attack. Training, internal controls, zero-trust access controls, and supply chain management must adapt in kind.<\/p>\n\n\n\n

This problem is so prevalent that Honeywell Cybersecurity Research warned<\/a> about it in June 2021. Key findings were that 79% of cyber threats originating from removable media were \u2018critical\u2019 to operational technology in heavy manufacturing, and that the amount of malware specifically engineered for that attack vector doubled year-over-year. The U.S. Centers for Medicare and Medicaid similarly advised about the threats<\/a> posed to healthcare devices. A USB drive, or a rogue device masquerading as a keyboard, is trusted by the operating system as an ordinary peripheral, so it can bypass EDR<\/a> and NAC<\/a> security systems and expose mission-critical systems to MitM attacks, industrial espionage, and ransomware. This was \u2018James Bond\u2019 stuff 5-6 years ago, but cyber criminals are now targeting industries including manufacturing and healthcare using the Layer 1<\/a> attack vector. Hackers recently mailed devices<\/a> to companies throughout the United States; another threat is coming from \u2018inside the house\u2019 as remote workers return to the controlled office environment.<\/p>\n\n\n\n

Why Care About Hardware-Based Attacks?<\/h2>\n\n\n\n

Operating Systems are Too Trusting<\/h3>\n\n\n\n

Hardware-based attacks work because the USB standard did too good<\/em> a job of simplifying how peripherals connect to systems, which is exactly what it was designed to do. When a device is plugged in, the operating system reads the vendor and product IDs (VID/PID) and the interface class codes the device reports, and on that basis alone loads a driver and starts trusting it as, say, a keyboard. Those identifiers are set by the device\u2019s own firmware, and there are instructional YouTube videos on how to spoof a trusted vendor\u2019s values. Crooks can replicate the look and feel of a known device, such as a keyboard, while hiding additional components inside the chassis that carry a malware payload. <\/p>\n\n\n\n
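The following is an added example, not code from the JumpCloud post or product. It shows the kind of policy check a host or admission tool can apply to the descriptors a USB device presents. Because VID/PID and class codes are all firmware-controlled, allowlisting the VID/PID alone is defeated by spoofing; the check instead allowlists a device\u2019s whole interface set and treats a keyboard that also exposes storage or a serial/network channel as an implant. All VID/PID values and device records below are constructed for illustration.<\/p>\n\n\n\n

```python
"""Added example: USB peripheral admission policy based on full descriptor sets.

The OS trusts a device according to what its firmware reports: idVendor/idProduct
(VID/PID) and the class/subclass/protocol of each interface. An implant can clone a
real keyboard's VID/PID, but it usually needs an extra interface (mass storage for a
payload, CDC serial/network for remote access). Allowlisting the complete set of
interfaces, not just VID/PID, makes that extra interface visible.
All identifiers here are hypothetical, constructed for the example.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# USB-IF base class codes
CLASS_CDC_CONTROL = 0x02     # communications control (virtual serial, network)
CLASS_HID = 0x03             # human interface device
CLASS_MASS_STORAGE = 0x08
CLASS_CDC_DATA = 0x0A
CLASS_VENDOR_SPECIFIC = 0xFF

# HID boot interface: bInterfaceSubClass=1; bInterfaceProtocol 1=keyboard, 2=mouse
HID_SUBCLASS_BOOT = 0x01
HID_PROTOCOL_KEYBOARD = 0x01


@dataclass(frozen=True)
class Interface:
    cls: int
    subclass: int = 0
    protocol: int = 0


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    interfaces: Tuple[Interface, ...]


# (VID, PID) -> the exact interface set that model is known to expose.
# In practice this is built from hardware inventory; values here are made up.
Allowlist = Dict[Tuple[int, int], FrozenSet[Interface]]


def is_keyboard(iface: Interface) -> bool:
    """True for a HID boot-protocol keyboard interface."""
    return (iface.cls == CLASS_HID and iface.subclass == HID_SUBCLASS_BOOT
            and iface.protocol == HID_PROTOCOL_KEYBOARD)


def evaluate(dev: UsbDevice, allowlist: Allowlist) -> Tuple[str, List[str]]:
    """Return ('allow' | 'quarantine' | 'block', reasons)."""
    present = frozenset(dev.interfaces)
    classes = {i.cls for i in dev.interfaces}
    key = (dev.vid, dev.pid)
    expected = allowlist.get(key)
    reasons: List[str] = []

    # Exact match against inventory: VID/PID *and* the full interface set.
    if expected is not None and present == expected:
        return "allow", ["descriptor set matches inventory for %04x:%04x" % key]

    # A keyboard that also carries storage or a comms channel is the signature of a
    # keystroke-injection implant, regardless of what VID/PID it claims.
    if any(is_keyboard(i) for i in dev.interfaces):
        if classes & {CLASS_MASS_STORAGE, CLASS_CDC_CONTROL,
                      CLASS_CDC_DATA, CLASS_VENDOR_SPECIFIC}:
            reasons.append("keyboard interface combined with storage/comms interface")

    # Known VID/PID but a different interface set: the identifiers were likely cloned.
    if expected is not None:
        reasons.append("known VID/PID %04x:%04x but interface set differs (possible spoof)" % key)

    if reasons:
        return "block", reasons
    # Unknown device with no red flags: hold for admin approval rather than trust it.
    return "quarantine", ["unknown VID/PID %04x:%04x" % key]


# Constructed inventory: one approved corporate keyboard model (hypothetical IDs).
CORP_ALLOWLIST: Allowlist = {
    (0x1234, 0x0001): frozenset({Interface(CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD)}),
}

# Constructed sample devices as the host would see them after enumeration.
SAMPLE_DEVICES = {
    # The genuine approved keyboard.
    "corp_keyboard": UsbDevice(0x1234, 0x0001,
        (Interface(CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD),)),
    # Implant cloning the keyboard's VID/PID but adding a SCSI bulk-only storage interface.
    "cloned_keyboard_with_storage": UsbDevice(0x1234, 0x0001,
        (Interface(CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD),
         Interface(CLASS_MASS_STORAGE, 0x06, 0x50))),
    # "Charging cable" that enumerates as keyboard + CDC ACM serial channel.
    "cable_keyboard_plus_serial": UsbDevice(0x5555, 0x0002,
        (Interface(CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD),
         Interface(CLASS_CDC_CONTROL, 0x02, 0x01),
         Interface(CLASS_CDC_DATA))),
    # Unknown mouse: nothing suspicious, but not in inventory either.
    "unknown_mouse": UsbDevice(0x5555, 0x0003,
        (Interface(CLASS_HID, HID_SUBCLASS_BOOT, 0x02),)),
}


def run_policy() -> Dict[str, str]:
    """Evaluate every sample device and return name -> verdict."""
    return {name: evaluate(dev, CORP_ALLOWLIST)[0] for name, dev in SAMPLE_DEVICES.items()}


if __name__ == "__main__":
    for name, dev in SAMPLE_DEVICES.items():
        verdict, why = evaluate(dev, CORP_ALLOWLIST)
        print(f"{name:32} {verdict:10} {'; '.join(why)}")
```

The design point is that the spoofable identifiers (VID/PID) are never the sole basis for trust: an exact match on the complete interface set is required to allow, an unknown device is held rather than trusted, and the keyboard-plus-payload-channel combination is blocked outright. A real deployment would feed this from the host\u2019s USB enumeration rather than from constructed records.<\/p>\n\n\n\n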

These can be categorized into the following groups:<\/p>\n\n\n\n

Rogue Devices<\/strong>: These include fake peripherals or a Raspberry Pi Zero impersonating<\/a> the logical parameters (VID/PID and class codes) of a trusted device; the O.M.G. cable<\/a> and the NSA\u2019s Cottonmouth<\/a> look like legitimate smartphone charging cables but are actually USB implants equipped with remote access tools or malware.<\/p>\n\n\n\n