What Are Physical Access Attacks and How Do I Stop Them?
Physical access attacks encompass all the ways someone could steal your information. When attackers are able to physically reach a system, they can wreak havoc on business operations, databases, documentation or archives, steal confidential information, capture traffic by attaching a protocol analyzer to your network, and so on.
Let’s say you are working at your local Starbucks. You get up for a refill, leaving your laptop on the table for just a moment, believing nothing bad can happen while you’re away; but the moment you turn your head, someone comes by, inserts a USB device and steals your data, or deploys malicious software onto your device. Of course, it’s just a rough example, but it demonstrates well that in reality it is just as simple, and it leaves you with a compromised system or with data that is corrupted or rendered inaccessible.
All of the above means that education, as well as user awareness training on social engineering, will be beneficial for users.
PHYSICAL ACCESS ATTACKS: A TOOL OF SOCIAL ENGINEERING
Since it includes both technical and administrative elements, physical security is often overlooked due to lack of awareness: to avert hacking attacks, most organizations are focusing on technology-oriented security countermeasures — and, despite the fact industry leaders have been saying for ages that physical access will always trump digital controls, physical security remains one of the weakest points in an otherwise robust defense.
However, it is not only malefactors from outside the organisation who may be involved in harming the crucial information stored on your device; they can also be insiders: disgruntled employees, greedy contractors, malevolent business partners etc. This is why companies should keep an eye on their routers, firewalls, server farms, cameras, doors, fences, lights, and key systems, which are often ignored and exploited; once the importance of real-world security is taken into account in addition to efforts on the digital front, it might save them from vast material losses.
Now, the most common forms of physical access attack (apart from actually breaking into server rooms, of course) are intrusions via USB and insecure passwords.
When you or someone else plugs equipment into a USB port, it connects to your computer’s USB host controller. This connection works much like an internet connection in that it carries packets and other components. Upon accepting the connection, the host presents the USB device to the operating system, and this could represent the biggest risk to your computer’s data. If the USB device carries malicious packets, these can transfer onto your device; once the transfer succeeds, these files can corrupt your entire system. Even worse, the device can carry out a Rubber Ducky attack, which delivers malicious code by mimicking the keyboard.
As for physical access through USB, Google Chrome’s plan to limit USB access will come to your aid: if you leave your laptop alone (but have the foresight to lock the screen) and someone tries to plug in a USB device, the computer’s operating system will prevent it from executing code. Along with this, Google is adding a feature that allows users to disable all USB connections on their Chromebook, which prevents any USB attack from happening.
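The following Python example is added here and is not code from the original article or from Chrome OS: it reads the interface classes that Linux exposes in sysfs for each attached USB device and blocks devices attached while the screen is locked, storage devices that also present an input interface, and input devices not on a trusted list. The names `UsbDevice`, `read_sysfs` and `decide`, and the ID `aaaa:0001`, are assumptions made for illustration.

```python
from dataclasses import dataclass
from pathlib import Path

HID = "03"           # USB interface class for keyboards, mice and other input devices
MASS_STORAGE = "08"  # USB interface class for flash drives and disks

@dataclass(frozen=True)
class UsbDevice:
    vid_pid: str       # "vvvv:pppp", taken from idVendor and idProduct
    interfaces: tuple  # interface class codes, e.g. ("08",) or ("08", "03")

def read_sysfs(root="/sys/bus/usb/devices"):
    """Read attached devices and their interface classes from Linux sysfs."""
    read = lambda p: p.read_text().strip().lower()
    devices = []
    for dev in sorted(Path(root).glob("*")):
        if not (dev / "idVendor").is_file():
            continue  # interface entries such as 1-2:1.0 carry no idVendor
        classes = tuple(read(f) for f in sorted(dev.glob(dev.name + ":*/bInterfaceClass")))
        devices.append(UsbDevice(read(dev / "idVendor") + ":" + read(dev / "idProduct"), classes))
    return devices

def decide(dev, screen_locked, trusted_input=frozenset()):
    """Return (verdict, reason) for one device; verdict is 'allow' or 'block'."""
    if screen_locked:
        return "block", "attached while the screen was locked"
    if HID in dev.interfaces and MASS_STORAGE in dev.interfaces:
        return "block", "storage device that also presents an input interface"
    # VID:PID is reported by the device itself, so this list only filters
    # known hardware; it does not authenticate the device.
    if HID in dev.interfaces and dev.vid_pid not in trusted_input:
        return "block", "input interface not on the trusted list"
    return "allow", "no input interface, or trusted input device"

if __name__ == "__main__":
    # Constructed placeholder ID; replace with the keyboards you actually issue.
    trusted = frozenset({"aaaa:0001"})
    for d in read_sysfs():
        print(d.vid_pid, d.interfaces, *decide(d, screen_locked=False, trusted_input=trusted))
```

The check uses the whole HID class rather than only the keyboard protocol, because any HID interface can deliver keystrokes to the host.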
Since they represent a common access point into a PC and network, passwords are considered vulnerable to attacks by hackers, as they may allow intruders to access files and other data. Physical access attacks caused by broken passwords remain quite frequent these days, which is why knowing what can be done about them is a must, since this is a risk every computer user may face.
The most common advice for precluding such incidents consists of a) using hard-to-guess passwords, and b) regularly changing them in order to prevent hackers from cracking them and using them to penetrate your system.
Meanwhile, an improved method of protecting a PC and network from physical access attacks also includes investing in biometric devices in addition to passwords, or to eliminate the need for them. This, however, is quite an expensive approach (especially if users want to protect multiple computers).
TIPS FOR PREVENTING PHYSICAL ACCESS ATTACKS
Since hackers prey on the easiest opportunities, physical security control includes extra precautions.
- Refrain from leaving your device unattended (especially in public areas). If for some reason you have to, lock the screen before leaving. Doing so can shield your device from executing malicious files.
- Apply best practices when setting passwords: select long passwords which include letters, numbers and special characters, and take care to change them frequently. If needed, consider using tools such as enterprise password management or Identity and Access Management (IAM) as an additional measure.
- Deploy two-factor authentication (2FA) and biometric devices for better protection.
- Avoid utilizing USB devices that came from untrusted sources.
- Watch over all the elements of physical security of your enterprise (fences, key systems, security alarms etc).
Finally, if you lose data due to malicious code, physical hardware failures or other problems, know solutions could be available: the team at SALVAGEDATA specializes in data recoveries for a diverse array of server and device types, so we can surely help you there!