262,000 suspicious mail items in 2021.   6,300 threats  —  are you prepared?

Download our Annual Mail Security report.

Mail Threat Alert - OctoberAugust September July 2020

Dangerous Mail Report Download

When it comes to physical security, your organization faces risks from every angle. One of the most overlooked and neglected components of a physical security plan is mail safety.

A thorough assessment of how your organization deals with threats through the mail is paramount.

When performing this assessment you have to think outside the box and be open to the evolution of threats and what they may look like in the future. The never-ending battle against cybercriminals has been fought on many fronts and the mailroom is now one of them.

There is a new technique IBM X-Force Red is calling warshipping and it has been gaining some much-needed attention. X-Force Red presented this technique at the annual Black Hat Cybersecurity Conference and opened a few eyes to the ever-evolving nature of mailroom security.

Let’s talk through what worshipping is and two things you can do to help protect your organization.

What is warshipping?

Warshipping is when a small, computerized device is mailed to your organization with the intent to gain entrance to your network.

Using a cheap computer, which draws minimal power, this technique bypasses your physical security measures by entering your organization through the mail stream.

It gets the attacker the close-proximity he needs, as he can operate it from a remote location, minimizing physical exposure to the target. The device can be as small as a cellphone allowing it to be concealed in a number of ways.

Unknown Mail Package.
A simple package, which looks like any other piece of mail your organization processes, can bypass your existing physical security measures, leaving your organization vulnerable.

Warshipping is a simple and cheap way for cybercriminals to utilize the mail to execute an attack on your organization. It allows an adversary to introduce the threat through one of the most vulnerable components of an organizations security, the mailroom.

According to Charles Henderson, head of IBM’s Offensive Operations arm, “The device, a 3G-enabled, remotely controlled system, can be tucked into the bottom of a packaging box or stuffed in a child’s teddy bear (a device no bigger than the palm of your hand) and delivered right into the hands or desk of an intended victim.”

How can you prevent warshipping?

As an organization who is vulnerable to these types of attacks, what can you do to protect yourself?

1. Prioritize a strong network security

As technology and tactics evolve it is paramount to be up to date on techniques, trends, and more. Network audits, up-to-date wireless and mobile device policies, and constant mail security training are just a few of the many things you need to stay on top of. As with all of your security efforts, complacency can your worst enemy.

2. Ensure your mail handling and mail screening procedures address threats such as these.

Restricting personal delivery, using remote mailrooms for processing and screening, package imaging, cellular intrusion detection, and limiting connectivity are just a few of the options. Be sure to take a comprehensive look at your mail security to find the best way to integrate it into your security plan.

IT and Network Vulnerabilities through the Mail

Most people think of CBRNE threats when discussing mail-borne threats: chemical, biological, radiological, nuclear, and explosive. All of these, including radioactive (RDD) mail threats are serious risks, but there are other, less common risks out there, too.

Aside from conventional mail threats to an organization’s personnel and infrastructure via CBRNE, mail vulnerabilities also pose a serious risk to IT and cyber assets.

Recent testing by IBM has highlighted a practice known as “warshipping” where miniature electronic devices are hidden in small packages and envelopes to enable remote access to secure WIFI networks once inside the building.

These threats bridge the gap between physical security and cybersecurity and are designed to exploit one of the easiest means of entry into buildings – access through the mail.

With no shortage of introduction methods, it is up to the ingenuity of the attacker.

One example of this is shipping to an individual on parental leave to introduce a package into an organization that may sit unopened for months without raising alarm.

The only limiting factor of these devices is the battery power required to keep them operating.

News Link: https://www.helpnetsecurity.com/2019/08/07/warshipping/

What you need to know:

Small electronic cellular, Bluetooth and WIFI devices hidden in objects and packaging designed to enter your facility through the mail.

Once inside your building, these systems act as mobile WIFI, LTE or Bluetooth gateways that allow remote users to gain access to on-site networks and communication systems.

Active mail screening is the primary means of defense as other means of deterrence shut down or block normal facility required functions.

MailSecur mmWave scanning technology provides the most comprehensive solution to detect and mitigate these threats.