Rogue Devices

Rogue devices are devices that operate on a network without proper authorization or without being under the control of the network administrator. These devices can pose security risks and may compromise the integrity, confidentiality, and availability of a network. Rogue devices usually go undetected by IT security teams. They have been maliciously tampered with by hackers to target assets on a network of interest, and are doctored to exploit their Ethernet or USB Human Interface Device (HID) interface to accomplish a cyber attack objective. Sepio’s platform provides a comprehensive solution for hardware-based security and rogue device mitigation by combining advanced machine learning, device visibility, risk prioritization, and granular access controls. Sepio’s rogue device detection software is a cutting-edge solution designed to identify and mitigate the risks associated with unauthorized and potentially malicious hardware devices on a network.

Rogue Devices Research

This research note, jointly produced by TAG Cyber and Sepio, makes the case that rogue devices represent a particularly intense threat to financial institutions, which points to an increasing need for proficient cyber security in that sector. Several example threats, including attacks on automated teller machines (ATM jackpotting attacks), are used to show how rogue devices can create negative consequences for the financial services sector as well as other critical infrastructure sectors. The note includes detailed case studies of rogue device attack tools being used in practice.

Threats to Financial Institutions

Before getting into the details of rogue devices, it helps to highlight the security challenges in financial services. As experts know, the financial services industry is one of the most important in the world, being a primary source of economic growth and development for a country. The wide range of services offered by financial institutions makes them an essential component of any nation, and thus a core component of national critical infrastructure.
As such, financial institutions store a substantial amount of data on their clients, including personally identifiable information (PII). This makes bad actors prioritize financial service providers as their top targets. In fact, hackers target financial service firms 300% more often than businesses in other industries. Therefore, it’s not unreasonable to assert that financial services organizations encounter billions of attempted attacks every year.

Rogue Devices High Level Overview

Rogue devices are pieces of hardware that usually go undetected by IT security teams. They have been maliciously tampered with by hackers to target assets on a network of interest. Rogue devices are doctored to exploit their Ethernet or USB Human Interface Device interface (BadUSB) to accomplish an attack objective. These devices include modified peripherals such as cameras, chargers, mice, and keyboards. Since rogue implants operate at the physical layer, it is difficult for traditional security tools to detect their presence. Such covert operation makes rogue devices dangerous for security teams protecting critical assets, such as those found in banks.
Rogue devices are generally manipulated to support some malicious objective. By using the hardware attack interface, bad actors increase their chances of success, since the attack can easily go undetected. Hardware implants sit on the physical layer, for example, and thus go unnoticed by existing security software solutions. When the attack is executed through a USB HID interface (USB attacks), the system recognizes the spoofed peripheral as a genuine device. Spoofed man-in-the-middle (MiTM) attacks using network devices likewise do not raise alarms.
These devices are thus threatening because of their covert characteristics. Moreover, the attacks that these devices can carry out cause serious damage to the victim.

Rogue Devices Can Accomplish a Surprisingly Wide Range of Cybersecurity Threats

This broad capability stems from the fact that rogue devices carry implants that individuals can design to execute various types of attacks. Hackers, using conventional methods, acquire knowledge of malicious exploit techniques, which may include nation-state sponsored approaches. They subsequently incorporate these exploits into manipulated devices, aiming to establish communication with the external environment via the USB HID or Ethernet interface.

Consequences of Rogue Device Threat

Rogue devices can pose considerable threat implications for financial services firms, particularly when capable adversaries like nation-state actors carry out the attacks. While soft consequences such as reputational damage must always be expected after an attack of this type, the more tangible implications of rogue device attacks on the financial services industry are as follows:

Direct Financial Loss

Rogue devices pose a significant threat to various systems, including ATMs, where they can be used for activities such as ATM jackpotting. When rogue devices are used in cyber attacks on ATMs and other systems that can dispense cash immediately, the financial losses are direct and immediate. It is not difficult to imagine this being done at scale and in a manner that creates a large aggregate loss.

Indirect Financial Loss

When a bank or another financial institution discovers and reports rogue devices, it can negatively affect present and future consumer and commercial business. Even a small percentage hit can result in a considerable loss.

Response Costs

Preventing rogue device attacks is easier and cheaper than finding and addressing their consequences after an attack. The incident management costs of rogue device attacks can thus lead to considerable operating expenses to respond, report, and remediate.

Compliance Costs

Financial service firms face considerable compliance costs when reporting, fixing, and providing evidence to external entities after rogue device attacks. Detecting these attacks early carries lower compliance costs than responding to them after the fact.

Sepio’s Platform and Rogue Device Mitigation

Unlike software-based attacks, which exploit vulnerabilities in software and can often be addressed through software patches and updates, hardware-based attacks rely on rogue devices, which go under the radar of existing security solutions by operating on the physical layer. How, then, can rogue devices on a network be detected?

Sepio’s physical layer-based Asset DNA technology relies on device existence rather than behavior, discovering and identifying all managed, unmanaged, and hidden devices. Sepio’s rogue device detection approach and its machine learning algorithms get to the true source of asset risk, untainted by misleading profile perceptions and behavioral assumptions.
Sepio’s platform prioritizes assets based on their risk level and enforces granular hardware access controls, automatically blocking those that breach the preset rules or are identified as known attack tools.

Seeing all network assets is a critical prerequisite for hardware defense. But what you see is only as useful as what you can do with this knowledge.

Sepio’s policy enforcement mechanism enables hardware access control by enforcing a strict set of policies based on the device’s identity. It instantly detects any device that breaches the preset policy and automatically instigates a rogue device mitigation process to block the device, thus preventing malicious actors from successfully carrying out hardware-based attacks.
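To make the identity-based policy enforcement described above concrete, here is an added illustration (not Sepio’s code or its Asset DNA technology): each USB device is identified by its vendor:product ID and the interface classes it exposes, then checked against a hypothetical allowlist, a hypothetical known-attack-tool blocklist, and the BadUSB pattern of a keyboard interface bundled with storage or a network function. The inventory format, IDs and bus positions are all constructed for the example.

```python
# Added example, not Sepio's code: identity-based USB access control.
# Devices are identified by vendor:product ID plus the interface classes
# they expose; inventory lines below are constructed sample data.
from dataclasses import dataclass

HID, MASS_STORAGE, CDC_COMM = 0x03, 0x08, 0x02  # USB interface class codes
APPROVED_HID = {(0x1234, 0x0001), (0x1234, 0x0002)}  # hypothetical allowlist
BLOCKED_IDS = {(0xDEAD, 0xBEEF)}  # hypothetical known attack-tool IDs

@dataclass(frozen=True)
class UsbDevice:
    bus: str
    vid: int
    pid: int
    classes: frozenset  # interface class codes exposed by the device

def parse_inventory(text):
    """Parse constructed 'bus=1-1 id=VVVV:PPPP classes=03,08' lines."""
    devices = []
    for line in text.strip().splitlines():
        fields = dict(f.split("=", 1) for f in line.split())
        vid, pid = (int(x, 16) for x in fields["id"].split(":"))
        classes = frozenset(int(c, 16) for c in fields["classes"].split(","))
        devices.append(UsbDevice(fields["bus"], vid, pid, classes))
    return devices

def evaluate(device):
    """Return 'allow' or 'block:<reason>' for one device under the policy."""
    ident = (device.vid, device.pid)
    if ident in BLOCKED_IDS:
        return "block:known-attack-tool"
    if HID in device.classes:
        # A keyboard-like interface bundled with storage or a network
        # function is the classic BadUSB shape: block even if the ID is
        # approved, since identity alone can be spoofed.
        if device.classes & {MASS_STORAGE, CDC_COMM}:
            return "block:hid-composite"
        if ident not in APPROVED_HID:
            return "block:unapproved-hid"
    return "allow"

def enforce(text):
    """Map each bus position to its verdict; a real agent would act on it."""
    return {d.bus: evaluate(d) for d in parse_inventory(text)}

SAMPLE_INVENTORY = """bus=1-1 id=1234:0001 classes=03
bus=1-2 id=abcd:0010 classes=08
bus=1-3 id=5555:0042 classes=03
bus=1-4 id=1234:0001 classes=03,08
bus=1-5 id=dead:beef classes=02"""
```

Note that device 1-4 carries an approved keyboard ID yet is still blocked: the composite-interface check runs before the allowlist check, which is the point of combining identity with exposed functionality rather than trusting the ID alone.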


October 20th, 2020