"Cyber security begins with a strong physical security." At one point in every security team's careers, I'm sure they have been a part of one in hundreds of daily arguments within organizations about whether to consider physical security as a part of cyber security. However, cyber security teams have accepted this age-old saga throughout the continents and have also outgrown multiple phases of acceptance. For this reason, physical security is the very first layer in the OSI model. Unfortunately, lapses in physical security can lead to tragic data losses. For instance, what would happen if a bank employee forgets to lock the safe vault full of valuables before leaving from work, only to return the next day and learn about an internal breach? Sadly, that would be his last day at work! Leaving aside hundreds of valuables lost, bringing the bank down to its knees with a handful of lawsuits waiting.
For the past few months, Metaverse has been breaking the internet with companies promising all sorts of analogies and problems that Metaverse can solve for a better future. But what exactly is Metaverse? It is nothing but the convergence of the virtual world with our physical world in thousands of different ways. The Metaverse is mainly a collection of thousands of physical servers that will provide the virtual capability programmed for it. Therefore, neglecting physical security would only hamper the "metaverse" dream over and above the traditional business activities. However, cyber security experts must also not forget about revolutionary innovation and businesses that thrive on the Internet of Things (IoT) that also constitutes demand for physical security.
Physical security attacks in cyber security are always on the rise due to their volatility. With an average breach costing $3.2 million in damage, it's a no-brainer for the technology expert hackers in the world. As a result, they are planning and executing more attacks on the physical security of their targets. With that said, let's learn about a few common attack patterns that are used widely in a typical physical security-based attack.
Obstruction
In this type of attack, the adversary uses sophisticated tools to obstruct everyday interactions between system components, using disabling and interruption techniques to degrade or sometimes fail the service. For instance, attackers use different methods to disable routes between two protocols to kill the communication between them. This attack pattern is further classified into a few different categories, such as:
Jamming: In this type of attack, the adversary uses radio noise or signals to disrupt communication channels by intentionally flooding genuine system resources and overwhelming them to deny authentic calls from the target's authorized users. Jamming attacks are perhaps straightforward to trigger but can be pretty fatal because it becomes difficult to troubleshoot and differentiate genuine traffic from illegitimate traffic. Furthermore, the attackers do not require internal information to generate a jamming attack because a mere interference signal can block the communication of a wireless channel, introduce performance issues or damage the target's control system. Therefore, a problem with a jamming attack is that it is effortless to launch. For instance, a laptop can become a jamming device that releases signals to hamper mobile communication. One such jamming attack was reported in the United Kingdom in 2015, wherein people couldn't unlock their cars parked near a retail mall using their key fobs due to the presence of a jammer that interrupted the signals. Jamming attacks are classified into three attack patterns: Orbital Jamming, Wi-Fi Jamming, and Cellular Jamming.
An orbital jamming attack can be launched by an adversary who sends arbitrary and disruptive signals at a target's satellite using a rogue uplink station to hamper the intended signal transmission. It looks like Elon Musk must test SpaceX's Starlink satellite internet, which provides internet to most parts of planet Earth.
Wi-Fi jamming is another attack pattern wherein the attackers either flood the corporate Wi-Fi access points with de-authentication frames or inject high noise levels on the radio frequency band used by the Wi-Fi device to prevent users from transmitting data over that Wi-Fi device.
Cellular jamming attacks are the most prevalent because the attacker has to disrupt the cellular towers by flooding and overwhelming them with false status messages. In return, thousands of mobile devices become available to the adversary in Prime Minister Modi's digital age, where every Indian is glued to their mobile device with a bit of help from Reliance Jio's cheap internet data packages.
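As an added example (not from the original article), the code below shows how a defender could spot the de-authentication flood described under Wi-Fi jamming above: it parses raw 802.11 management headers and alerts when one BSSID exceeds a rate threshold inside a sliding window. The frames, MAC addresses, window and threshold are constructed assumptions, and the input is assumed to have any radiotap header and FCS already stripped.

```python
import struct
from collections import defaultdict, deque

DEAUTH_FC0 = 0xC0   # frame-control byte 0: version 0, type 0 (mgmt), subtype 12
WINDOW_S = 1.0      # assumed sliding window, in seconds
THRESHOLD = 10      # assumed limit: deauth frames per BSSID per window

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauth frame, else None."""
    if len(frame) < 26 or frame[0] != DEAUTH_FC0:
        return None
    # 24-byte management header: fc(2) dur(2) addr1(6) addr2(6) addr3(6) seq(2)
    dest, src, bssid = frame[4:10], frame[10:16], frame[16:22]
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code, little-endian
    return mac(dest), mac(src), mac(bssid), reason

def detect_floods(capture, window=WINDOW_S, threshold=THRESHOLD):
    """capture: time-ordered (timestamp, raw_frame) pairs -> {bssid: first_alert_ts}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue                      # not a deauth frame (e.g. a beacon)
        bssid = parsed[2]
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts

def make_frame(fc0, dest, src, bssid, reason=7):
    """Build a constructed test fixture frame (no radiotap header, no FCS)."""
    to_b = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0]) + b"\x00\x00" + to_b(dest) + to_b(src) + to_b(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample capture: one normal disconnect on AP_A, a burst on AP_B.
AP_A, AP_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
BCAST, STA = "ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01"
SAMPLE = [(0.0, make_frame(0xC0, STA, AP_A, AP_A, reason=3))]
SAMPLE += [(5.0 + i * 0.02, make_frame(0xC0, BCAST, AP_B, AP_B)) for i in range(40)]
SAMPLE += [(6.0, make_frame(0x80, BCAST, AP_A, AP_A))]  # beacon, ignored

print(detect_floods(SAMPLE))
```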
Bypassing Physical Locks
Detection and Mitigation
Often companies rush to implement physical security amidst a security breach without closely analyzing the entry point and the technique used to bypass it. As a result, organizations also tend to miss identifying potential risks and weaknesses within their physical security posture. Although it is possible to prevent all physical security breaches, having the right toolsets and security measures minimizes the damage if a breach gets through the physical locks.
Here are a few steps organizations can take to strengthen their physical security posture:
Conclusion
A good cybersecurity posture without good building/infrastructure security is meaningless. Physical security is a part of cybersecurity, and both areas beg to work together, but most companies often forget this and let those areas work in silos. Moreover, there's a lot to circumvent in your physical security posture, ranging from threats, scalability, analyzing and predicting potential risks, and data privacy to a well-tested disaster recovery plan. Cyber security consultants at FnCyber are here to come to your rescue and to support and help your security teams at all levels.