You might have heard that recently a Bermudan firm had been hacked and a number of documents relating to super-rich clients have been compromised. It doesn’t matter if you’re
a Bermudan legal firm or Columbus bankruptcy attorneys, the reality is that an incident of this nature can have a huge impact on your organisation and understanding how it can happen is the first step towards preventing it happening again.
The reality is that there are many attack vectors a bad actor could use to get there hands on your data, and today I came across a new one you should really know about. It’s a little device by the company Hak5 (of Wifi Pineapple fame) called the Packet Squirrel. This little device sits on your network, sniffs traffic and can be configured to perform all sort of operations with your data. It can dump every packet it finds to a USB stick for later analysis, it can even create a VPN to a destination server and pump all the traffic it received off to your listening server.
Why do I bring this up? Well, we spend a lot of time thinking about ways an organisation can be compromised and we typically spend a disproportionate amount of time focusing on network perimeters. Firewalls and Wifi hotspots are places we spent a lot of time. But one mustn’t forget physical security as part of a review. It could be trivial to plug one of the devices into a network and quickly subvert any protection an organisation has in place.
Be vigilant out there!