The U.S. Postal Service processes and delivers 484.8 million mailpieces of first-class mail a day — roughly one-and-a-half mailpieces for every person in the U.S. — in a single day. That’s without accounting for the millions of shipments delivered through international couriers. On-demand, free and same-day delivery options mean that virtually anything is accessible at any time and can be sent straight to our doorstep. What most people don’t realize is that some packages they receive may be looking to steal personal or confidential information. And the proliferation of e-commerce-related package deliveries is exactly what cybercriminals can exploit with a tactic IBM X-Force Red is calling “warshipping.”
IBM X-Force Red investigated how cybercriminals might seek to exploit package deliveries to hack into corporate or personal home networks right from the office mailroom or from someone’s front door. Think of the volume of boxes moving through a corporate mailroom daily. Or, consider the packages dropped off on the porch of a CEO’s home, sitting within range of their home Wi-Fi. Using warshipping, X-Force Red was able to infiltrate corporate networks undetected. Our aim in doing so was to help educate our customers about security blind spots and modern ways adversaries can disrupt their business operations or steal sensitive data.