Warshipping (cyber attack Warship)
Researchers from IBM's X-Force Red project have developed a proof of concept (PoC) that could become the next step in the evolution of cybercrime in 2019. It is called warshipping. With warshipping, hackers ship their exploits directly to their target's mail room; the technique combines technical methods with other, more traditional methods.
How warshipping works
Warshipping uses a readily available, inexpensive, low-power computer to carry out attacks remotely in close proximity to the victim, regardless of where the cybercriminals are located. To do this, a small device containing a modem with a 3G connection is sent to the victim's office by regular mail. The modem means that the device can be controlled remotely[1].
Thanks to a built-in wireless chip, the device searches for nearby networks in order to track their network packets. Charles Henderson, head of X-Force Red at IBM, explains: "As soon as we see that our 'warship' has arrived at the front door, the mail room or the mail unloading area of the victim, we are able to remotely control the system and run tools for a passive or active attack on the victim's wireless network."
An attack using warshipping
As soon as the so-called "warship" is physically inside the victim's office, the device begins listening to data packets on the wireless network that it can use to penetrate the network. It also listens for user authorization processes for connecting to the victim's Wi-Fi network and sends this data over the cellular connection to the cybercriminal, who can then decrypt this information and obtain the password to the victim's Wi-Fi network.
Using this wireless connection, the attacker can now move through the victim's network, trying to discover vulnerable systems and available data, and to steal confidential information or user passwords.
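From the defender's side, a shipped device that scans or probes stays in one place around the clock, unlike visitors' phones. The following detection sketch is an added example, not part of the original article or of IBM's PoC; the wireless-sensor log format, sensor names, MAC addresses, inventory and thresholds are all hypothetical and constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

OFF_START, OFF_END = 22, 6  # assumed off-hours window: 22:00 to 06:00
KNOWN_ASSETS = {"02:00:00:ee:ff:03"}  # constructed inventory (a mail-room printer)

def sample_observations():
    """Constructed wireless-sensor log: (ISO timestamp, sensor, transmitter MAC)."""
    obs = []
    # Unknown radio heard by the mail-room sensor hourly, 17:00 through 08:00
    obs += [(f"2019-08-12T{h:02d}:05:00", "mailroom", "02:00:00:aa:bb:01")
            for h in range(17, 24)]
    obs += [(f"2019-08-13T{h:02d}:05:00", "mailroom", "02:00:00:aa:bb:01")
            for h in range(0, 9)]
    # Visitor phone: daytime only, moves between sensors
    obs += [("2019-08-12T10:15:00", "lobby", "02:00:00:cc:dd:02"),
            ("2019-08-12T11:40:00", "mailroom", "02:00:00:cc:dd:02")]
    # Inventoried printer: overnight, but a known asset
    obs += [(f"2019-08-13T{h:02d}:10:00", "mailroom", "02:00:00:ee:ff:03")
            for h in range(0, 6)]
    return obs

def flag_stationary_unknowns(observations, known, min_hours=8, min_offhours=3):
    """Flag non-inventoried MACs heard by exactly one sensor across many
    distinct hours, several of them outside business hours."""
    seen = defaultdict(lambda: {"sensors": set(), "hours": set()})
    for ts, sensor, mac in observations:
        mac = mac.lower()
        if mac in known:
            continue
        t = datetime.fromisoformat(ts)
        seen[mac]["sensors"].add(sensor)
        seen[mac]["hours"].add((t.date(), t.hour))
    flagged = []
    for mac, rec in sorted(seen.items()):
        off = sum(1 for _, h in rec["hours"] if h >= OFF_START or h < OFF_END)
        if (len(rec["sensors"]) == 1 and len(rec["hours"]) >= min_hours
                and off >= min_offhours):
            flagged.append({"mac": mac, "sensor": next(iter(rec["sensors"])),
                            "hours_seen": len(rec["hours"]), "off_hours": off})
    return flagged

if __name__ == "__main__":
    for hit in flag_stationary_unknowns(sample_observations(), KNOWN_ASSETS):
        print(hit)
```

A device that only listens transmits nothing and will not appear in such a log, and MAC randomization can split one device across several addresses, so this check complements physical inspection of incoming parcels rather than replacing it.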
A threat with huge potential
According to Henderson, this attack could well become a hidden, effective insider threat: it is inexpensive and not difficult to implement, and it can go unnoticed by the victim. Moreover, the attacker can mount this threat remotely, from a considerable distance. In companies that handle a large volume of mail and parcels every day, it is quite easy to overlook or ignore a small package.
One aspect that makes warshipping extremely dangerous is that it can bypass the e-mail protection the victim has in place to prevent malware and other attacks that spread through attachments.