Page 12 - CDM Cyber Warnings February 2014
using outsourced service providers as a means to gain access to their victims.

Outside Hackers & State Actor Attacks

In the same way that a malicious insider can extract sensitive information, hackers can penetrate the physical perimeter and access server data. Outsiders typically combine “low tech” social engineering with “high tech” attacks to pilfer sensitive information.

In one recent episode, thieves attempted to install an illicit Keyboard-Video-Mouse (KVM) device on IT equipment at a bank branch in the United Kingdom. The audacious scheme involved impersonating IT service personnel to install a KVM device that could be operated remotely and hack into the enterprise network while avoiding potential detection by perimeter security measures.

The perpetrators of the “outsider” attacks can be criminals, or even state actors engaged in industrial espionage. State actors have the resources, time and money to compromise hardware components that can be installed in servers to steal valuable intellectual property.

IT Hardware Supply Chain

The hardware supply chain is subject to a wide range of vulnerabilities that can be used to compromise sensitive information. A quick internet search on the term “malicious hardware” yields a wealth of research on the topic. Malicious hardware devices can take advantage of most interfaces on a computer, including Firewire interfaces and Peripheral Component Interconnect Express (PCIe) slots on a server. Bad actors can design hardware to take advantage of open interface standards such as PCIe to fit malicious devices into empty slots and extract data from systems.

Vulnerabilities also exist in hardware already present in the enterprise IT supply chain. Researchers recently reported on how malware installed on dedicated hardware like network and graphics cards can directly access the memory of the host machine undetected: http://www.stewin.org/papers/dimvap15-stewin.pdf.

According to a 2013 Department of Defense Defense Science Board task force report: “U.S. networks are built on inherently insecure architectures with increasing use of foreign-built components”.

PrivateCore recently researched vulnerabilities in the Linux kernel device drivers and found that 50% of the sample set we tested were vulnerable to code injection attacks triggered by input generated from a malicious hardware device that is installed on the system. Given the millions of lines of device driver code in the Linux kernel as well as other operating systems, this represents an extremely large attack surface. If bad actors can attack a system through device drivers, they can install rootkits to extract information on an ongoing basis without detection.

A unique feature in this sort of attack lies in using the hardware devices’ firmware code and flawed firmware update mechanism for keeping malware persistent. This
CYBER DEFENSE MAGAZINE - ANNUAL EDITION 12
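The device-driver weakness the page describes (a driver acting on input that the hardware, and therefore a malicious device, controls) in code. This is an added example, not code from the article, from PrivateCore's research or from any real driver: a simplified receive path that copies a frame out of a DMA ring according to a descriptor the device wrote. The ring size, host buffer size, descriptor layout, frame contents and the function names are all constructed for the example; the simulated ring stands in for DMA-coherent memory. It shows the unchecked pattern beside the hardened one, which snapshots each device-written field once and bounds-checks it before use.

```c
/* Added example: validating device-controlled descriptor fields in a
 * driver's receive path. The device and its DMA ring are simulated in
 * memory; every size and name here is constructed, not from a real driver. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define RX_RING_SIZE  4096u   /* bytes of (simulated) DMA ring memory */
#define HOST_BUF_SIZE 256u    /* fixed-size host buffer the frame is copied into */

/* Descriptor as the (simulated) device writes it into shared memory. */
struct rx_desc {
    uint32_t offset;   /* start of the frame within the DMA ring, set by the device */
    uint32_t len;      /* frame length, set by the device */
};

/* Unchecked pattern: trusts both device-supplied fields. Given a descriptor
 * with an oversized len or offset this writes past host_buf (a kernel memory
 * corruption when it sits in a driver). It is never run on a hostile
 * descriptor below and is shown only for contrast with the checked version. */
size_t rx_copy_unchecked(const uint8_t *ring, const struct rx_desc *d,
                         uint8_t *host_buf)
{
    memcpy(host_buf, ring + d->offset, d->len);
    return d->len;
}

/* Hardened pattern. Returns bytes copied, or -1 if the descriptor is rejected. */
int rx_copy_checked(const uint8_t *ring, size_t ring_size,
                    const struct rx_desc *d,
                    uint8_t *host_buf, size_t host_size)
{
    /* Snapshot the fields once, so they are validated and used as the same
     * values; in a real driver the reads would be READ_ONCE() from DMA memory
     * that the device can rewrite at any time. */
    uint32_t off = d->offset;
    uint32_t len = d->len;

    if (len == 0 || len > host_size)          /* must fit the host buffer */
        return -1;
    if (off > ring_size || len > ring_size - off)  /* overflow-safe ring bounds */
        return -1;

    memcpy(host_buf, ring + off, len);
    return (int)len;
}

/* Put one constructed 12-byte frame (11 characters plus NUL) at ring offset 64. */
static void fill_ring(uint8_t *ring, size_t ring_size)
{
    static const uint8_t frame[12] = "DMA-example";
    memset(ring, 0, ring_size);
    memcpy(ring + 64, frame, sizeof frame);
}

/* Well-formed descriptor: expected result 12 (bytes accepted). */
int demo_benign_descriptor(void)
{
    uint8_t ring[RX_RING_SIZE], host[HOST_BUF_SIZE];
    struct rx_desc d = { .offset = 64, .len = 12 };
    fill_ring(ring, sizeof ring);
    return rx_copy_checked(ring, sizeof ring, &d, host, sizeof host);
}

/* Length field larger than the host buffer: expected result -1 (rejected). */
int demo_oversized_length(void)
{
    uint8_t ring[RX_RING_SIZE], host[HOST_BUF_SIZE];
    struct rx_desc d = { .offset = 64, .len = 0xFFFFFFFFu };
    fill_ring(ring, sizeof ring);
    return rx_copy_checked(ring, sizeof ring, &d, host, sizeof host);
}

/* Offset near the end of the ring so that offset + len runs past it:
 * expected result -1 (rejected) even though len alone fits the host buffer. */
int demo_offset_past_ring(void)
{
    uint8_t ring[RX_RING_SIZE], host[HOST_BUF_SIZE];
    struct rx_desc d = { .offset = RX_RING_SIZE - 4, .len = 16 };
    fill_ring(ring, sizeof ring);
    return rx_copy_checked(ring, sizeof ring, &d, host, sizeof host);
}

int main(void)
{
    printf("benign descriptor      -> %d\n", demo_benign_descriptor());
    printf("oversized length       -> %d\n", demo_oversized_length());
    printf("offset past ring end   -> %d\n", demo_offset_past_ring());
    return 0;
}
```

The second check is written as `len > ring_size - off` rather than `off + len > ring_size` so that the comparison cannot itself wrap around on 32-bit arithmetic; both fields come from the device, so neither can be assumed small.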