With warshipping,hackers ship their exploits directly to their targets mail room

[ChrisSmolinski]

With warshipping, hackers ship their exploits directly to their target’s mail room

Why break into a company’s network when you can just walk right in — literally?

Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password.

Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door.

This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s  X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network.

“It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit.

Full article: https://techcrunch.com/2019/08/06/warshipping-hackers-ship-exploits-mail-room/

[Josh]

Wondered what the vector was. Secure your wifi and shouldn't be a problem.

This to me is much more troubling;
Zombieload jumped though a Tor browser in a VM and attacked the host machine, straight through the CPU hardware.

[Fansome]

I'm at DEFCON right now, communing with the other extraterrestrials. I'll see what they have to say about this.

[Pigmeat]

Wear foil under your colander headgear, Al. It's a double brain block.

If you see Eddie Torres tell him I said "Hi". That "E.T." flick they did about him in the early 80's stands up almost as well as "Cheech & Chong" bits from the same era.