H-ISAC TLP White Threat Bulletin: Warshipping - July 28, 2022

Warshipping Overview: 

Physical and cybersecurity risks continue to rise amid Russia's invasion of Ukraine, COVID-19 mandates, and other forms of social discord. Warshipping is no exception. Warshipping is the process of using a physical package delivery service to deliver an attack on a victim's computer network. For example, a miniature computer is sent through physical mail to its designated target. Targets can vary; however, threat actors are more likely to target sectors with a plethora of data and critical infrastructure sectors, such as healthcare, technology and telecoms, manufacturing, government facilities, and financial services.

There are two main methods of warshipping attack. The first is to ship a Raspberry Pi to an intended target, where it sits in a mailroom, latches onto the organization's Wi-Fi, and moves laterally through networks. The second is to ship a USB device rigged with malware to its designated target, where the USB drive is physically inserted into the organization's system.

Once the warshipping package is delivered to its intended target or inserted into an organization's system, the device can sit unattended for months in unopened mail on desks and in mailrooms, gathering data and exploiting vulnerabilities in the company's network.

Building and employing a warshipping device is easy and inexpensive, putting organizations at an elevated risk.

View the detailed report below.