Hackers at your Doorstep: The Threat of Warshipping

By September 22, 2020 Blog, Non-Profit
Warship device hidden in cardboard box

Updated: Sept 22nd, 2020

According to a recent Washington Post-ABC News poll, 90% of Americans are staying home to prevent the spread of the Coronavirus. Instead of venturing out to stores to make purchases, many consumers are turning to online shopping and online sales for some products are spiking. Not surprisingly, a large percentage of the increased sales are for health and wellness products. And businesses that have been deemed “essential” are relying more heavily on online shopping as well to meet their needs while limiting employee exposure.

A surge in online shopping means more opportunities for cybercriminals. As a result, a relatively new technique called warshipping is becoming a growing concern for cybersecurity experts. It’s an evolution of wardriving, the technique that led to the major TJX hack in 2005 and ultimately cost the company as much as two billion dollars.

With wardriving, hackers drive around looking for poorly protected wireless networks. Once they gain access, they steal confidential information including credit and debit card numbers. After that, their next step is the dark web, to turn their ill-gotten gains into cash.

But there are obvious limitations to wardriving. Circling around a retail store frequently can look suspicious. Warshipping is effective because it takes the same concept – capitalizing on weak wireless network security – and applies it to shipments.

For less than $100, a small, discrete hacking device can be assembled and hidden in a package. Once the package has been delivered, the hacker activates it remotely and scans for exploitable connections. These simple electronics can also be designed to broadcast a parallel wireless network, tricking users into providing their real usernames and passwords when they try to log on.

How to Protect Your Business

Several easy steps can limit your exposure to a successful warshipping campaign.

First, question every package, whether it is received at a corporate address or a home office. Was it ordered by you or your staff?  Scrutinize each package that comes through the door.

Second, thoroughly check all packaging for unexpected contents. Any unexpected electronics should raise immediate alarm bells. Even if nothing out of the ordinary is found, you should still discard cardboard boxes and packaging materials quickly.

Third, mandate security-first corporate policies, including strong passwords, log-in certificates, and multifactor authentication. Avoid using pre-shared keys or other credentials.

Lastly, partner with experienced cybersecurity experts that can anticipate vulnerabilities and fill in the gaps. If you’re seeking a Managed Services Provider with that kind of know-how, you’ve come to the right place! Contact us today for more information.

Leave a Reply