Why break into a company’s network when you can just walk right in– literally? From a report: Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password. Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door. This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network.
But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network. “It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit.