Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data. Credit: Metamorworks / Getty Images New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon sidewalk and other consumer-grade services that connect to corporate networks due to a lack of visibility. The research also discovered a novel use of Houdini malware to spoof devices and exfiltrate data within the user agent field, a method often undetected by legacy security systems. The findings come as vast numbers of employees continue to work from home and connect to corporate networks remotely.What is Amazon Sidewalk?Amazon Sidewalk is a free service (currently only available in the US) that extends internet connection of low-power, long-range, low-data Amazon devices such as certain Echo and Ring models beyond a home network to a local, shared network. Operating in the 900 MHz LoRa spectrum, it uses a small amount of a user’s internet, shares it with nearby Amazon devices and creates a mesh network to keep devices connected to the internet when a home-based internet connection is down or has weak connection.Amazon Sidewalk security risksAmazon stated, “Preserving customer privacy and security is foundational to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data travelling on the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users secure. However, according to Cato Network’s Q2/21 SASE Threat Research Report, potential security issues surrounding its use can undermine effective risk assessment. Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, tells CSO, “The threat Sidewalk poses from a security standpoint is the inherent lack of visibility IT has into the data stream. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it hard to mitigate those risks because anything happening in the Sidewalk tunnel will be invisible to IT.” When a CISO lacks visibility of what device types connect to the organization’s network, there is no way of knowing what risks they may introduce, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to neighbor’s networks? Those (and others) are all unknowns because the devices themselves are unknown.” Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers patch and update the software?” The firm detected hundreds of thousands of Sidewalk flows with some enterprises having hundreds of such devices.With regards to mitigating the risks posed to network security by consumer services and device spoofing linked to Houdini malware, Maor says CISOs need to be looking for threat symptoms found in the network layer. “C&C communications, for example, carry some telltale signs such as periodic communication with servers rarely visited by users in domains of poor reputation. By looking for the symptoms and not the explicit attack signature you’ll be able to detect Sidewalk threats. Context sharing between network and security products is key here.” Related content news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe