
Hardware Security Risks: Plans for Reentering the Workplace With Compromised Devices

With COVID-19 seemingly changing the world we live in forever, there are many adjustments that organizations need to make in order to adapt to the new world. Some of the obvious new norms that organizations are implementing include increasing the physical distance between employees’ desks in the office and staggering schedules to minimize the number of people in the office at any one time. For those who like their personal space, these changes sound only too ideal.

But what about the non-health-related risks? Yes, COVID-19 is not only posing a risk to your physical wellbeing, but also to your organization’s cybersecurity. The worldwide pandemic has caused almost all enterprises to close their doors temporarily, if not permanently. For many this has meant introducing, or further implementing, Work from Home (WFH) policies. The concept of working from home might sound idyllic – waking up later, staying in your pajamas all day, working in bed (nope, just me?) and, importantly, often using your own device to connect to the company’s network.

However, this last “perk” is not as positive as it may seem. With more devices accessing the organization’s network comes a greater chance of a cyberattack taking place and, in this instance, we are talking about hardware attacks. These perilous attacks are given less attention yet present an alarming risk to the security of an enterprise. As a result, CISOs will need to plan and put in place policies that protect against these new risks.

Open networks

Working from home does not always mean working from home, but “working from anywhere other than the office” does not roll off the tongue quite as smoothly. Therefore, employees are essentially free to work anywhere they like (depending on the company’s WFH policy). Coffee shops, libraries, friends’ houses, and more can all become your new office – provided that you are maintaining a two meters’ distance from others of course. However, this means connecting to open networks which, normally, we do not think twice about.

But who set up that Wi-Fi router? Can it be trusted? Sure, if you are working at a friend’s house and using their Wi-Fi the chances that they are an evil perpetrator looking to sabotage your job are slim (or so I would hope…), but attackers are resourceful and can manipulate open network sources that they know are used by many people for work purposes. So maybe you are safe working at a friend’s house (although cybersecurity should always be approached with a zero-trust mindset), but public spaces are definitely an area to be highly cautious of.

Connecting to a manipulated Wi-Fi source just once can provide bad actors with access to the organization’s network – and its confidential data – for prolonged periods of time. Returning to the office with a compromised device will only give attackers further access to more confidential information. And, as these attacks occur on the Physical Layer, they will go undetected, since existing security software solutions do not monitor that layer. This is why these attacks are so hazardous.

Spoofed peripherals

Devices often have peripherals attached to them one way or another – a keyboard, mouse, USB drive, charger etc. Peripherals themselves are being increasingly used by bad actors as the attack tool of choice since they are almost always being used by unsuspecting victims. Manipulating these peripherals can provide perpetrators with access to the devices to which they are connected and, from here, cause a cyberattack. More devices mean more peripherals and more peripherals mean more chances of an attack.

This risk continues when employees are permitted back into the office, as they might bring these peripherals with them, and they are most definitely not a welcome guest – but, lucky for the peripherals, you will not even know that they are there. Okay, yes, you probably will notice that they are there, but neither you nor your computer will notice that they are Rogue Devices causing damage.

You won’t, because it looks exactly like what you expect it to look like and does what you expect it to do (along with the malicious activity you are not expecting it to do). And your computer will recognize these devices as legitimate HIDs, so no security alarm is raised. Apparently, computers are not so smart. And we want to trust them with driving cars…no thanks…

What can happen?

So, I’ve said that you should be aware of the risks of manipulated hardware and that CISOs must be proactive in how they are going to deal with the return of devices which have potentially been compromised during the shift to WFH. But why just take my word for it? Let me give you examples to demonstrate why this is such a perilous threat.

Man-in-the-middle (MITM) attack

A MITM attack allows the attacker to sniff the private traffic between two hosts. This can provide the perpetrator with unauthorized access to confidential data through the manipulation of communication between the two entities. Think of it this way: you text your friend saying A, but they receive a message saying B. Neither of you knows that you are both seeing different messages, and when your friend responds with C, the attacker alters the message so that you see the response as D. As a result, you and your friend are none the wiser that a third party has seen and changed your communication. Now just apply this concept to any two entities that communicate with each other and you can see why this is a big concern.

Advanced Persistent Threat (APT) attack

An APT attack is a clandestine attack which, because of its sophisticated nature, is most often attributed to a state or state-sponsored group. It allows the attackers to go deep into the target’s network for long periods of time, using advanced methods to ensure that it goes undetected. State or company secrets can be acquired, and confidential data can be stolen. These attacks are often targeted at government agencies or critical infrastructure, thus having a significant impact.

Mouse/keyboard emulation

Because they have input capabilities, some Rogue Devices can act as a mouse or keyboard, allowing them to trigger payloads that cause a range of damage. Essentially, the device can act like a human and, for example, click links that cause the installation of malware.

Malware

Malware injection can be very harmful to an organization because there is a variety of possible outcomes, depending on the malware code. Often, malware can result in a data breach as well as operational disruption, such as a Distributed Denial of Service (DDoS) attack that leaves a server unable to function. Malware can have long-term, indirect effects on the enterprise and, hence, is something that you want to strongly avoid.

What can you do?

The purpose of this article was not to scare you. Okay, it was. But it was not to scare you without offering some ways to reduce the risk of a hardware attack when employees and their devices return to the office.

Updated anti-malware software

Since Rogue Devices can inject malware, having up-to-date anti-malware software is essential so that there is comprehensive coverage for known malware.

Zero Trust Network Access

Based on the principle of “never trust, always verify”, ZTNA ensures that trust is not automatically given, and that access is granted on a “need-to-know”, least-privileged basis. Because ZTNA treats implicit trust as a vulnerability that bad actors can easily exploit, it restricts lateral movement, which complicates a potential attack.

Staff training

Increasing awareness of the risks of hardware attacks will be an important step in minimizing the chances of one taking place. Since careless employees are the greatest risk to all organizations, understanding that their own actions can cause a cyberattack will (hopefully) make staff think twice about what they are doing.

Rogue device mitigation

The best way to reduce the risk of Rogue Device attacks is to implement Rogue Device Mitigation software that can detect such attack tools and take action to prevent their success. This is a very valuable asset to have, as Rogue Device attacks, as mentioned, do not raise any security alarms. As such, Rogue Device Mitigation software will be the only option for enterprises to be sure that these malicious devices do not go undetected.
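As an added illustration of what such detection can look like for the mouse/keyboard emulation case described earlier (this is example code written for this page, not the product or method of any vendor), the script below applies two defender-side checks to a stream of keyboard events: an allowlist of issued keyboard vendor:product ids, and a typing-cadence check that flags bursts no human could type. The allowlist values, the rate threshold and the sample events are all constructed assumptions.

```python
"""Heuristic detector for keystroke-injecting 'rogue' HIDs (added example)."""
from dataclasses import dataclass
from typing import Dict, List

# Constructed allowlist of the vendor:product ids the organisation has issued.
ALLOWED_KEYBOARDS = {"046d:c31c", "04f2:0760"}  # hypothetical values

# Assumed thresholds: humans rarely sustain 20 keys/s, while injection tools
# typically emit dozens of keystrokes only a few milliseconds apart.
MAX_HUMAN_RATE = 20.0   # keystrokes per second
MIN_BURST = 10          # keystrokes needed before a burst is evaluated


@dataclass
class KeyEvent:
    ts_ms: float   # event time in milliseconds
    device: str    # "vid:pid" of the HID that reported the key
    key: str


def burst_rate(events: List[KeyEvent]) -> float:
    """Keystrokes per second across the window (0.0 if too short)."""
    if len(events) < 2:
        return 0.0
    span = (events[-1].ts_ms - events[0].ts_ms) / 1000.0
    return len(events) / span if span > 0 else float("inf")


def analyse(events: List[KeyEvent]) -> Dict[str, List[str]]:
    """Group events per device and return the findings for each device."""
    by_dev: Dict[str, List[KeyEvent]] = {}
    for ev in events:
        by_dev.setdefault(ev.device, []).append(ev)
    findings: Dict[str, List[str]] = {}
    for dev, evs in by_dev.items():
        notes: List[str] = []
        if dev not in ALLOWED_KEYBOARDS:
            notes.append("unknown keyboard id (not on allowlist)")
        evs.sort(key=lambda e: e.ts_ms)
        # Slide a fixed-size window and stop at the first inhuman burst.
        for i in range(len(evs) - MIN_BURST + 1):
            rate = burst_rate(evs[i:i + MIN_BURST])
            if rate > MAX_HUMAN_RATE:
                notes.append(f"inhuman burst: {rate:.0f} keys/s")
                break
        findings[dev] = notes
    return findings


# Constructed sample: a person typing "hello" at 5 keys/s on an allowlisted
# keyboard, then a spoofed "keyboard" firing 12 keys 2.5 ms apart.
SAMPLE = [KeyEvent(t * 200.0, "046d:c31c", k) for t, k in enumerate("hello")]
SAMPLE += [KeyEvent(1000.0 + i * 2.5, "ffff:0001", "x") for i in range(12)]

if __name__ == "__main__":
    for dev, notes in analyse(SAMPLE).items():
        print(dev, notes or ["ok"])
```

A real deployment would feed this from the host's input subsystem and combine it with device enumeration events (a new keyboard appearing mid-session is itself worth logging).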

Summary

The focus of employees returning to the office should not only be on healthcare-related practices. There has been a significant increase in the number of cyberattacks – attempted and successful – and organizations and their security departments should also focus heavily on this in order to make the return to normality as smooth as possible. Hardware attacks are becoming a more popular method for bad actors looking to cause damage – and COVID-19 has only made it easier to conduct these types of attacks – yet awareness of this threat is not rising at the same rate, thus leaving companies extremely vulnerable.