Attack Pattern Enumeration - Physical Security

Publish Date : 27-02-2024
Tags : physical security, cyber physical security
Author : Open-CISO

Common Attack Patterns in Physical Security

“Cyber security begins with strong physical security.” At some point in every security team’s career, I’m sure they have taken part in one of the hundreds of daily arguments within organizations about whether physical security should be considered part of cyber security. Cyber security teams across the continents have, however, accepted this age-old saga and outgrown multiple phases of acceptance. For this reason, physical security is the first layer in the OSI model. Unfortunately, lapses in physical security can lead to tragic data losses. For instance, what would happen if a bank employee forgot to lock the vault full of valuables before leaving work, only to return the next day and learn about an internal breach? Sadly, that would be his last day at work, quite apart from the hundreds of valuables lost and a bank brought to its knees with a handful of lawsuits waiting.

For the past few months, the Metaverse has been breaking the internet, with companies promising all sorts of analogies and problems that the Metaverse can solve for a better future. But what exactly is the Metaverse? It is nothing but the convergence of the virtual world with our physical world in thousands of different ways. The Metaverse is a collection of thousands of physical servers that provide the virtual capability programmed for them. Therefore, neglecting physical security would hamper the “metaverse” dream over and above traditional business activities. Cyber security experts must also not forget the revolutionary innovation and businesses that thrive on the Internet of Things (IoT), which likewise creates demand for physical security.

Physical security attacks in cyber security are always on the rise due to their volatility. With an average breach costing $3.2 million in damage, it’s a no-brainer for technology-expert hackers worldwide. As a result, they are planning and executing more attacks on the physical security of their targets. Let’s learn about a few common attack patterns that are widely used in a typical physical security-based attack.

Obstruction

In this attack, the adversary uses sophisticated tools to obstruct everyday interactions between system components, disabling and interrupting them to degrade or sometimes fail the service. For instance, attackers use different methods to disable the routes between two communicating endpoints to kill their communication with each other. This attack pattern is further classified into a few categories:

  • Route Disabling: In this type of attack, the adversary aims to completely shut down the communication channel by turning off the routes between two entities. For instance, we all know the Border Gateway Protocol (BGP) is used to propagate and advertise internet routes from within a private network. However, BGP is also notorious for its vulnerability when misconfigured or under attack. BGP attacks usually make destination routes unreachable, redirect paths through unexpected intermediaries, or sometimes impersonate services for malicious purposes. When a route-disabling attack is triggered, the adversary suppresses the intended Autonomous System (AS) routing advertisements, forcing traffic to seek a less effective path over the internet that will most likely end in an unreachable network, making genuine network route communication unavailable.
  • Jamming: In this type of attack, the adversary uses radio noise or signals to disrupt communication channels by intentionally flooding genuine system resources and overwhelming them, denying authentic calls from the target’s authorized users. Jamming attacks are perhaps straightforward to trigger but can be fatal, because it becomes difficult to troubleshoot and to differentiate genuine traffic from illegitimate traffic. Furthermore, attackers do not require internal information to generate a jamming attack, because a mere interference signal can block the communication of a wireless channel, introduce performance issues, or damage the target’s control system. The core problem with jamming, therefore, is that launching it is effortless. For instance, a laptop can become a jamming device that releases signals to hamper mobile communication; one such jamming attack was reported in the United Kingdom in 2015, where people couldn’t unlock their cars parked near a retail mall using their key fobs because a jammer was interrupting the signals. Jamming attacks are classified into three attack patterns: orbital jamming, Wi-Fi jamming, and cellular jamming.
    An orbital jamming attack can be launched by an adversary who sends arbitrary, disruptive signals at a target’s satellite from a rogue uplink station to hamper the intended signal transmission. Elon Musk must test SpaceX’s Starlink satellite internet, which provides internet to most parts of Earth, against this.
    Wi-Fi jamming is another attack pattern wherein the attackers either flood the corporate Wi-Fi access points with de-authentication frames or inject high levels of noise on the radio frequency band used by the Wi-Fi device, preventing users from transmitting data over that device.
    Cellular jamming attacks are the most prevalent: the attacker disrupts cellular towers by flooding and overwhelming them with false status messages. In return, the adversary knocks thousands of mobile devices offline in today’s digital age under Prime Minister Modi, where every Indian is glued to their mobile device with some help from Reliance Jio’s cheap internet data packages.
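The de-authentication flood described under Wi-Fi jamming has a simple detection signature: a burst of deauth or disassoc management frames, usually addressed to the broadcast address, at a rate no legitimate access point produces. The script below is an added example written for this article, not code from Open-CISO. It assumes a monitor-mode capture has already been reduced to one text line per management frame in the constructed format `<epoch_seconds> <subtype> <bssid> <dst_mac>`, and the one-second window and 20-frame threshold are illustrative assumptions that a real wireless IDS would tune per site.

```python
"""Detect a Wi-Fi de-authentication flood from 802.11 management-frame logs.

Added example (not part of the original article). Input format, window size
and threshold are assumptions chosen for illustration.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_SECONDS = 1.0    # sliding window length (assumed value)
DEAUTH_THRESHOLD = 20   # deauth/disassoc frames per window that count as a flood (assumed)
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass(frozen=True)
class Frame:
    ts: float
    subtype: str
    bssid: str
    dst: str


# One line per management frame: "<epoch_seconds> <subtype> <bssid> <dst_mac>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?)\s+(?P<subtype>\w+)\s+"
    r"(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+"
    r"(?P<dst>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


def parse_frames(text):
    """Parse the reduced capture; malformed lines are skipped, not fatal."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        frames.append(Frame(float(m["ts"]), m["subtype"].lower(),
                            m["bssid"].lower(), m["dst"].lower()))
    return frames


def detect_deauth_floods(frames, window=WINDOW_SECONDS, threshold=DEAUTH_THRESHOLD):
    """Return one alert per BSSID whose peak deauth/disassoc count within any
    sliding window of `window` seconds reaches `threshold`."""
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth/disassoc frames
    peak = {}                     # bssid -> (peak count, ts of first frame in peak window)
    broadcast_hits = defaultdict(int)
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype not in ("deauth", "disassoc"):
            continue
        q = recent[f.bssid]
        q.append(f.ts)
        while q and f.ts - q[0] > window:   # drop frames older than the window
            q.popleft()
        if f.dst == BROADCAST:
            broadcast_hits[f.bssid] += 1
        if f.bssid not in peak or len(q) > peak[f.bssid][0]:
            peak[f.bssid] = (len(q), q[0])
    alerts = []
    for bssid, (count, first_ts) in sorted(peak.items()):
        if count >= threshold:
            alerts.append({
                "bssid": bssid,
                "peak_per_window": count,
                "window_start": first_ts,
                "broadcast_targeted": broadcast_hits[bssid] > 0,
            })
    return alerts


def constructed_sample_log():
    """Constructed capture: a beacon trickle, two ordinary deauths from AP :02
    five seconds apart, then a 30-frame broadcast deauth burst from AP :01
    within 0.3 s (the flooding pattern)."""
    lines = [f"{1700000000 + i * 0.1:.2f} beacon aa:bb:cc:dd:ee:01 {BROADCAST}"
             for i in range(5)]
    lines.append("1700000000.30 deauth aa:bb:cc:dd:ee:02 11:22:33:44:55:66")
    lines.append("1700000005.30 deauth aa:bb:cc:dd:ee:02 11:22:33:44:55:77")
    lines += [f"{1700000010 + i * 0.01:.2f} deauth aa:bb:cc:dd:ee:01 {BROADCAST}"
              for i in range(30)]
    return "\n".join(lines)


if __name__ == "__main__":
    for alert in detect_deauth_floods(parse_frames(constructed_sample_log())):
        print("DEAUTH FLOOD:", alert)
```

The sliding window per BSSID is what separates a flood from the occasional deauth an access point legitimately sends when a client roams or idles out: AP `:02` sends two frames five seconds apart and never trips the threshold, while AP `:01` peaks at 30 frames in under a second. Flagging `broadcast_targeted` is useful for triage, since a spoofed deauth aimed at the broadcast address disconnects every client at once.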

Bypassing Physical Locks

  • Lock Picking: This is the most widely used attack technique for breaking open a physical lock. Only a simple pick or a hook pick is required to manipulate the pins inside the lock, pushing them up to the positions that the ridges of a key inserted into the plug would set. For some reason, Indians will relate closely to such an attack, which is often shown in many Bollywood films.
  • Lock Bumping: This attack pattern uses a specially cut key inserted into a lock, which is then lightly bumped with a mallet or a screwdriver to break open the lock.
  • Snap Gun: A snap gun is a handheld device that strikes all the bottom pins of a lock at once with great force and then withdraws. Because of this kinetic force, the bottom pins inside the lock are shifted upwards into an unlocked position. This works similarly to the lock-bumping technique, with one difference: it may damage the lock itself. Little did you know that your local locksmith is a skilled hacker.

Detection and Mitigation

Often, companies rush to implement physical security amid a security breach without closely analyzing the entry point and the technique used to bypass it. As a result, organizations also tend to miss potential risks and weaknesses within their physical security posture. Although it is not possible to prevent every physical security breach, having the right toolsets and security measures minimizes the damage if a breach gets through the physical locks.

Here are a few steps organizations can take to strengthen their physical security posture:

  • Analyze potential risks aligned to each entry point of the infrastructure
  • Implement robust access control mechanisms at all such entry points
  • Plan and execute the maintenance of all such means regularly
  • Venture into security testing before deploying in a production environment
  • Identify and implement scalable techniques to secure all entry points
  • Use sophisticated surveillance techniques
  • The NIST Cybersecurity Framework and the SANS framework work best for most organizations to implement a robust process around physical security

Conclusion

A good cybersecurity posture without good building/infrastructure security is meaningless. Physical security is a part of cybersecurity, and the two areas need to work together, but most companies forget this and let the areas work in silos. Moreover, there’s much that can circumvent your physical security posture, ranging from threats and scalability to analyzing and predicting potential risks, data privacy, and a well-tested disaster recovery plan. Cyber security consultants at FnCyber are here to rescue, support, and help your security teams at all levels.
