Warshipping Attacks

IBM X-Force Red researchers have discovered a new technique called warshipping, which is used to exploit package deliveries and remotely access networks without detection. Unlike wardialing and wardriving techniques, warshipping utilizes disposable, low-cost, and low-power devices to remotely infiltrate corporate or personal home networks and further exploit existing vulnerabilities, steal sensitive information, and exfiltrate data or credentials. Warshipping may pose a greater risk during popular shopping seasons or when employees ship orders to their place of employment. The NJCCIC recommends users follow security best practices such as connecting to trusted wireless networks, implementing a package policy for employees to avoid personal packages sent to businesses, and refraining from bringing packages into secure areas.

AlertNJCCIC