Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data. Credit: Metamorworks / Getty Images New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon sidewalk and other consumer-grade services that connect to corporate networks due to a lack of visibility. The research also discovered a novel use of Houdini malware to spoof devices and exfiltrate data within the user agent field, a method often undetected by legacy security systems. The findings come as vast numbers of employees continue to work from home and connect to corporate networks remotely.What is Amazon Sidewalk?Amazon Sidewalk is a free service (currently only available in the US) that extends internet connection of low-power, long-range, low-data Amazon devices such as certain Echo and Ring models beyond a home network to a local, shared network. Operating in the 900 MHz LoRa spectrum, it uses a small amount of a user’s internet, shares it with nearby Amazon devices and creates a mesh network to keep devices connected to the internet when a home-based internet connection is down or has weak connection.Amazon Sidewalk security risksAmazon stated, “Preserving customer privacy and security is foundational to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data travelling on the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users secure. However, according to Cato Network’s Q2/21 SASE Threat Research Report, potential security issues surrounding its use can undermine effective risk assessment. Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, tells CSO, “The threat Sidewalk poses from a security standpoint is the inherent lack of visibility IT has into the data stream. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it hard to mitigate those risks because anything happening in the Sidewalk tunnel will be invisible to IT.” When a CISO lacks visibility of what device types connect to the organization’s network, there is no way of knowing what risks they may introduce, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to neighbor’s networks? Those (and others) are all unknowns because the devices themselves are unknown.” Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers patch and update the software?” The firm detected hundreds of thousands of Sidewalk flows with some enterprises having hundreds of such devices.With regards to mitigating the risks posed to network security by consumer services and device spoofing linked to Houdini malware, Maor says CISOs need to be looking for threat symptoms found in the network layer. “C&C communications, for example, carry some telltale signs such as periodic communication with servers rarely visited by users in domains of poor reputation. By looking for the symptoms and not the explicit attack signature you’ll be able to detect Sidewalk threats. Context sharing between network and security products is key here.” Related content news Spam blocklist SORBS shuts down after over two decades The service was unsustainable but those in the email deliverability industry expressed mixed feelings about the closure. By Evan Schuman Jun 07, 2024 4 mins Email Security Antispam news analysis New RansomHub ransomware gang has ties to older Knight group File encryption malware used by RansomHub appears to be a modified variant of the Knight ransomware, also known as Cyclops. By Lucian Constantin Jun 07, 2024 4 mins Hacker Groups Ransomware Hacking feature Whitelisting explained: How it works and where it fits in a security program Whitelisting locks down computers so only approved applications can run. Is the security worth the administrative hassle? By Josh Fruhlinger and CSO Staff Jun 07, 2024 10 mins Email Security Application Security Data and Information Security interview How Amazon CISO Amy Herzog responds to cybersecurity challenges Amazon CISO for devices and advertising products and services describes how her team works with product and devops teams to ensure products are cybersecure. By David Strom Jun 07, 2024 5 mins Security Practices Vulnerabilities Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe