{"id":55365,"date":"2021-10-26T11:00:00","date_gmt":"2021-10-26T15:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=55365"},"modified":"2024-07-11T13:28:00","modified_gmt":"2024-07-11T17:28:00","slug":"mitigating-hardware-based-attacks","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/mitigating-hardware-based-attacks","title":{"rendered":"Mitigating Hardware-Based Attacks"},"content":{"rendered":"\n
<p><em>It’s Cybersecurity Awareness Month! In honor of the theme — Do Your Part. #BeCyberSmart — we’re doing our part by educating IT teams and organizations on protecting themselves. Throughout October, the JumpCloud blog will focus on top cybersecurity issues, from IT admin best practices to CISO responsibilities. Tune back in throughout the month for new cybersecurity content or check out our archive of existing security articles for cybersecurity insights written specifically for the IT professional.</em></p>

<p>It’s Security Awareness Month and we’d be remiss not to highlight the importance of mitigating hardware-based attacks. These attacks are becoming more commonplace, can bypass most authentication and endpoint security systems, and are challenging to trace. Attackers are adapting their modus operandi to leverage weaknesses in how operating systems manage hardware. The Postal Service, your employees, and even commercial products stacked on the shelves of big-box stores are the latest and least understood avenues of attack. Training, internal controls, zero-trust access controls, and supply chain management must adapt in kind.</p>

<h2>Why Care about Hardware-Based Attacks?</h2>

<p>This problem is so prevalent that Honeywell Cybersecurity Research warned about it in June 2021. Key findings were that 79% of cyber threats originating from removable media were ‘critical’ to Operational Technology in heavy manufacturing, and that the amount of malware specifically engineered for that attack vector doubled year-over-year. The U.S. Centers for Medicare and Medicaid similarly advised about the threats posed to healthcare devices. A USB drive or a rogue device masquerading as a keyboard can bypass EDR and NAC security systems, exposing mission-critical systems to MitM attacks, industrial espionage, and ransomware. This was ‘James Bond’ stuff 5-6 years ago, but cyber criminals are now targeting industries including manufacturing and healthcare using the Layer 1 attack vector. Hackers recently mailed devices out to companies throughout the United States; another threat is coming from ‘inside the house’ as remote workers return to the controlled office environment.</p>

<h3>Operating Systems are Too Trusting</h3>

<p>Hardware-based attacks are happening because the USB standard did <em>too good</em> a job of simplifying the process of connecting peripherals to systems, which is exactly what it was designed for. There are instructional YouTube videos on how to spoof a trusted vendor’s Device and Class IDs, the identifiers that operating systems use to recognize hardware such as keyboards. Crooks can replicate the look and feel of a known device, such as a keyboard, while hiding additional components within the chassis that house a malware payload.</p>

<p>These can be categorized into the following groups:</p>

<p><strong>Rogue Devices</strong>: These include fake peripherals or a Raspberry Pi Zero impersonating the logical parameters of a trusted device, and the O.M.G. cable and NSA Cottonmouth, which appear to be legitimate smartphone chargers but are actually USB implants equipped with remote access tools or malware.</p>

<p><strong>Repurposed Devices</strong>: The Proxicast PocketPORT 2 is a tiny 3G/4G/LTE modem-to-ethernet bridge that can serve as a modem or router. Criminals have used this for deep monitoring within the financial services industry at a Tier 1 bank. Such a device could work over a passive cable connection, siphoning power from your systems. They’re not easy to find and remain hidden.</p>

<p><strong>Secure IoT Devices</strong>: Internet of Things devices aren’t famous for quality security. There are examples where IoT devices have been used to clog networks or engage in Bluetooth attacks, including BlueBorne and Bleedingbit. Other flaws exploit the methods that IoT products use to discover one another for easier installation; malware can use that ability to propagate itself. These devices are often not easy to update and can become an overlooked attack vector within the network.</p>

<h2>How it Happens</h2>

<p>I recently had the pleasure of working with ‘retired’ intelligence agents from one of the world’s leading agencies. They now work with a company that’s addressing this problem and shared a few tales about how these attacks might (and probably did) occur:</p>

<h2>Threat Mitigation</h2>

<h3>Technical</h3>

<p>There are now purpose-built systems to scan and control access to the physical layer, making it possible to uncover rogue devices without mirroring your network traffic. This is an emerging space that industry analysts and security professionals are paying greater attention to. The founders of some household-name security companies are on the boards of start-ups addressing hardware-based access control. These solutions are typically not intended for Small and Medium-Sized Enterprises (SMEs), however, and your controls are more likely to be targeted.</p>

<h3>Administrative</h3>

<p>Effective mitigation also comes down to training your staff on the principle of ‘if you see something, say something’. Strangers should be reported, and if possible, leverage proximity badges and employee IDs. More advanced controls can include a mantrap, deploying CCTV, or hiring security guards. Also keep in mind that employees could be disgruntled or compromised; ensuring that your people are happy, appreciated, and motivated plays a role in security. Manage your emotional culture: insider threats can and do occur, especially if someone is motivated to fulfill an emotional need, and criminals <em>will</em> try to exploit those pressure points.</p>

<p>You won’t have that controlled environment at your disposal when employees work from home. Train your employees to be vigilant and on the lookout for scams, odd packages, ‘free’ gifts, and requests for home mailing information in the form of phishing emails. Cyber criminals are well organized and will adapt to changing work conditions as Work from Anywhere normalizes.</p>

<h3>Supply Chain Integrity</h3>

<p>The worst case is if the rogue device comes from the inside, from you to your employees. Don’t bow to financial pressure: being penny-wise is pound-foolish while rogue devices are infiltrating online merchants. We all think about smart budgeting, but saving a few dollars on inexpensive peripherals may not be worthwhile given rising supply chain risk. The rationale is that there’s a very valid reason why the U.S. Federal Government has issued executive orders and guidance for government agencies to fully vet suppliers. You may not be the Feds, but taking measures such as having your purchasing department use legitimate suppliers, and avoiding white-label and <em>some</em> secondhand devices, is advisable in today’s environment. You may also consider adopting ISO’s SPDX supply chain standard.</p>

<p>There are global ‘hotspots’ for this activity in Asia and Eastern Europe, but it’s a small, integrated world through global commerce and online auction sites. Don’t buy from a supplier that you don’t know and trust, and you should be fine. Find other ways to cut your costs.</p>

<h2>Conclusion</h2>

<p>The IT industry has done a decent job of discussing threats in the network and software buckets of cybersecurity, but hardware-based attacks are not frequently talked about or well understood. Be aware that this is an emerging threat that we’ll be hearing more about, and take precautions to be proactive before your organization is among the first to get caught unprepared and scratching its head during a post-mortem analysis of what went wrong.</p>