Common Attack Patterns in Physical Security
“Cyber security begins with strong physical security.” At one point in their careers, I’m sure every security team has been part of one of the hundreds of daily arguments within organizations about whether physical security should be considered part of cyber security. However, cyber security teams across the continents have accepted this age-old saga and have outgrown multiple phases of acceptance. For this reason, physical security is the very first layer in the OSI model. Unfortunately, lapses in physical security can lead to tragic data losses. For instance, what would happen if a bank employee forgot to lock the vault full of valuables before leaving work, only to return the next day and learn about an internal breach? Sadly, that would be his last day at work, leaving aside the hundreds of valuables lost and the handful of lawsuits waiting to bring the bank to its knees.
For the past few months, the Metaverse has been breaking the internet, with companies promising all sorts of problems that the Metaverse can solve for a better future. But what exactly is the Metaverse? It is nothing but the convergence of the virtual world with our physical world in thousands of different ways. The Metaverse is mainly a collection of thousands of physical servers that provide the virtual capability programmed into it. Therefore, neglecting physical security would hamper the “metaverse” dream over and above traditional business activities. Cyber security experts must also not forget the revolutionary innovation and businesses that thrive on the Internet of Things (IoT), which also creates demand for physical security.
Physical security attacks are always on the rise in cyber security due to their volatility. With an average breach costing $3.2 million in damage, it’s a no-brainer for the world’s expert hackers. As a result, they are planning and executing more attacks on the physical security of their targets. With that said, let’s learn about a few common attack patterns that are widely used in a typical physical security-based attack.
In this type of attack, the adversary uses sophisticated tools to obstruct everyday interactions between system components, applying disabling and interruption techniques to degrade or sometimes fail the service. For instance, attackers use different methods to disable the routes between two parties in order to kill the communication between them. This attack pattern is further classified into a few categories:
- Route Disabling: In this type of attack, the adversary aims to completely shut down the communication channel by disabling the routes between two entities. We all know that the Border Gateway Protocol (BGP) is used to propagate and advertise internet routes from within a private network. However, BGP is also notorious for its vulnerability when misconfigured or under attack. BGP attacks usually result in destination routes becoming unreachable, routes being redirected to unexpected intermediaries, or services being impersonated for the wrong purposes. When a route disabling attack is triggered, the adversary suppresses the intended Autonomous System (AS) routing advertisements, forcing traffic to seek a less effective path over the internet. This will most likely result in an unreachable network, making genuine network route communication unavailable.
- Jamming: In this type of attack, the adversary uses radio noise or signals to disrupt communication channels by intentionally flooding genuine system resources and overwhelming them, denying authentic calls from the target’s authorized users. Jamming attacks are straightforward to trigger but can be pretty fatal, because it becomes difficult to troubleshoot and to differentiate genuine traffic from illegitimate traffic. Furthermore, the attackers do not require internal information to generate a jamming attack, because a mere interference signal can block the communication of a wireless channel, introduce performance issues, or damage the target’s control system. Therefore, the problem with a jamming attack is that it is effortless to launch. For instance, a laptop can become a jamming device that releases signals to hamper mobile communication. One such jamming attack was reported in the United Kingdom in 2015, wherein people couldn’t unlock their cars parked near a retail mall using their key fobs due to the presence of a jammer that interrupted the signals. Jamming attacks are classified into three attack patterns: Orbital Jamming, Wi-Fi Jamming, and Cellular Jamming.
An orbital jamming attack can be launched by an adversary who sends arbitrary and disruptive signals at a target’s satellite using a rogue uplink station to hamper the intended signal transmission. It looks like Elon Musk will have to test SpaceX’s Starlink satellite internet, which provides internet to most parts of planet Earth, against this.
Wi-Fi jamming is another attack pattern wherein the attackers either flood the corporate Wi-Fi access points with de-authentication frames or inject high noise levels on the radio frequency band used by the Wi-Fi device, preventing users from transmitting data over that device.
Cellular jamming attacks are the most prevalent: the attacker disrupts the cellular towers by flooding and overwhelming them with false status messages. In return, the adversary affects thousands of mobile devices at once in today’s Prime Minister Modi’s digital age, where every Indian is glued to their mobile device with a bit of help from Reliance Jio’s cheap internet data packages.
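As an added example (not code from the original post), the following Python detector flags the de-authentication flood pattern described under Wi-Fi jamming above. It works over constructed frame records in the shape a wireless IDS or monitor-mode capture might export; the one-second window and the frame threshold are assumptions.

```python
"""Added example: detect 802.11 de-authentication floods against an access point.
Frame records, window length and threshold are constructed assumptions."""
from collections import defaultdict, deque

# 802.11 management frame (type 0) with the de-authentication subtype (12).
MGMT_TYPE = 0
DEAUTH_SUBTYPE = 12

def detect_deauth_flood(frames, window_s=1.0, threshold=20):
    """Return a list of (bssid, burst_start_ts, count) alerts.

    frames: time-ordered iterable of dicts with keys 'ts' (seconds, float),
    'type' (int), 'subtype' (int) and 'bssid' (str).
    An alert fires when more than `threshold` deauth frames for one BSSID
    fall inside a sliding window of `window_s` seconds; each BSSID alerts
    at most once per burst and re-arms once the rate drops again.
    """
    recent = defaultdict(deque)   # bssid -> timestamps of deauths in window
    alerted = set()
    alerts = []
    for f in frames:
        if f["type"] != MGMT_TYPE or f["subtype"] != DEAUTH_SUBTYPE:
            continue                      # ignore data/control and other mgmt frames
        q = recent[f["bssid"]]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window_s:
            q.popleft()                   # drop timestamps outside the window
        if len(q) > threshold and f["bssid"] not in alerted:
            alerted.add(f["bssid"])
            alerts.append((f["bssid"], q[0], len(q)))
        elif len(q) <= threshold:
            alerted.discard(f["bssid"])   # burst ended; allow a new alert later
    return alerts

# Constructed sample: ordinary data frames plus one legitimate deauth on AP_OK,
# and a 200-frame deauth burst within one second against AP_HIT.
AP_OK, AP_HIT = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"
SAMPLE = [{"ts": i * 0.5, "type": 2, "subtype": 0, "bssid": AP_OK} for i in range(20)]
SAMPLE += [{"ts": 3.0, "type": MGMT_TYPE, "subtype": DEAUTH_SUBTYPE, "bssid": AP_OK}]
SAMPLE += [{"ts": 5.0 + i * 0.005, "type": MGMT_TYPE, "subtype": DEAUTH_SUBTYPE,
            "bssid": AP_HIT} for i in range(200)]
SAMPLE.sort(key=lambda f: f["ts"])

if __name__ == "__main__":
    for bssid, start, count in detect_deauth_flood(SAMPLE):
        print(f"ALERT: deauth flood on {bssid}, {count} frames from t={start:.2f}s")
```

A real deployment would feed frames from a monitor-mode capture and correlate the alert with client disconnect logs on the access point.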
Bypassing Physical Locks
- Lock Picking: This is the most widely used attack technique. To break open a physical lock, only a simple pin or a hook pin is required: it is inserted in place of a key, and its ridges manipulate the pins inside the lock so that they are pushed up. For some reason, Indians will relate closely to this type of attack, as it is often used in many Bollywood films.
- Lock Bumping: In this attack pattern, a specially cut key is inserted into the lock and lightly bumped with a mallet or a screwdriver to break open the lock.
- Snap Gun Lock: A snap gun is a handheld device that strikes all the bottom pins of a lock at once with immense force and then withdraws. Due to this kinetic force, the bottom pins inside the lock are shifted upwards into an unlocked position. This works similarly to the lock bumping technique, with the one difference that it may damage the lock itself. Little did you know that your local locksmith is a skilled hacker.
Detection and Mitigation
Companies often rush to implement physical security in the aftermath of a security breach without closely analyzing the entry point and the technique used to bypass it. As a result, organizations also tend to miss identifying potential risks and weaknesses within their physical security posture. Although it is not possible to prevent every physical security breach, having the right toolsets and security measures minimizes the damage if a breach gets past the physical locks.
Here are a few steps organizations can take to strengthen their physical security posture:
- Analyze potential risks aligned to each entry point of the infrastructure
- Implement robust access control mechanisms at all such entry points
- Plan and execute the maintenance of all such mechanisms regularly
- Carry out security testing of these mechanisms before deploying them in a production environment
- Identify and implement scalable techniques to secure all entry points
- Use sophisticated surveillance techniques
- Adopt the NIST Cybersecurity Framework or the SANS framework, which work best for most organizations implementing a robust process around physical security
A good cybersecurity posture without good building and infrastructure security is meaningless. Physical security is a part of cybersecurity, and the two areas need to work together, but most companies forget this and let them work in silos. Moreover, there is a lot that can circumvent your physical security posture, ranging from threats and scalability to analyzing and predicting potential risks, data privacy, and the lack of a well-tested disaster recovery plan. Cyber security consultants at FnCyber are here to the rescue, to support and help your security teams at all levels.