Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data.

New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon Sidewalk and other consumer-grade services that connect to corporate networks, owing to a lack of visibility. The research also discovered a novel use of Houdini malware to spoof devices and exfiltrate data within the user agent field, a method often undetected by legacy security systems. The findings come as vast numbers of employees continue to work from home and connect to corporate networks remotely.

What is Amazon Sidewalk?

Amazon Sidewalk is a free service (currently only available in the US) that extends the internet connection of low-power, long-range, low-data Amazon devices, such as certain Echo and Ring models, beyond a home network to a local, shared network. Operating in the 900 MHz LoRa spectrum, it uses a small amount of a user’s internet bandwidth, shares it with nearby Amazon devices and creates a mesh network that keeps devices connected to the internet when the home internet connection is down or weak.

Amazon Sidewalk security risks

Amazon stated, “Preserving customer privacy and security is foundational to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data travelling on the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users secure. However, according to Cato Networks’ Q2/21 SASE Threat Research Report, potential security issues surrounding its use can undermine effective risk assessment.
Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, tells CSO, “The threat Sidewalk poses from a security standpoint is the inherent lack of visibility IT has into the data stream. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it hard to mitigate those risks because anything happening in the Sidewalk tunnel will be invisible to IT.” When a CISO lacks visibility of what device types connect to the organization’s network, there is no way of knowing what risks they may introduce, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to neighbors’ networks? Those (and others) are all unknowns because the devices themselves are unknown.”

Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers patch and update the software?” The firm detected hundreds of thousands of Sidewalk flows, with some enterprises having hundreds of such devices.

With regard to mitigating the risks posed to network security by consumer services and by the device spoofing linked to Houdini malware, Maor says CISOs need to be looking for threat symptoms found in the network layer. “C&C communications, for example, carry some telltale signs such as periodic communication with servers rarely visited by users in domains of poor reputation. By looking for the symptoms and not the explicit attack signature you’ll be able to detect Sidewalk threats. Context sharing between network and security products is key here.”
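The two network-layer symptoms the article names, machine-regular beaconing to a host hardly anyone else visits and data riding in the User-Agent field, can both be checked against ordinary proxy logs. The script below is an added example written for this page, not Cato Networks' code or anything from the report; the log lines, addresses, hostnames and User-Agent strings are constructed, and the 0.1 timing threshold is an assumed tuning value.

```python
import base64
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log (not real traffic): "<ISO time> <client> <host> '<User-Agent>'"; the last five
# lines mimic a fixed-interval beacon to a single-client host with host/user details encoded in the UA.
SUSPECT_UA = "Mozilla/4.0 " + base64.b64encode(b"DESKTOP-01|alice|Windows 10").decode()
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/89.0"
LOG_LINES = [
    f"2021-06-01T10:00:00 10.0.0.5 cdn.example.com '{FIREFOX_UA}'",
    f"2021-06-01T10:11:40 10.0.0.5 cdn.example.com '{FIREFOX_UA}'",
    f"2021-06-01T10:13:03 10.0.0.5 cdn.example.com '{FIREFOX_UA}'",
    f"2021-06-01T10:44:51 10.0.0.5 cdn.example.com '{FIREFOX_UA}'",
] + [f"2021-06-01T10:{m:02d}:00 10.0.0.7 update-check.badrep.example '{SUSPECT_UA}'" for m in (0, 5, 10, 15, 20)]

LINE = re.compile(r"^(\S+) (\S+) (\S+) '(.*)'$")
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")  # browser UA tokens are short and dotted; long runs are odd

def encoded_payload(ua):  # decoded text if the UA carries a base64-looking run that decodes to readable ASCII
    for m in B64_RUN.finditer(ua):
        tok = m.group(0) + "=" * (-(m.end() - m.start()) % 4)  # tolerate stripped padding
        try:
            raw = base64.b64decode(tok, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and sum(32 <= b < 127 for b in raw) / len(raw) > 0.9:
            return raw.decode("ascii", "replace")
    return None

def beacon_score(times):  # coefficient of variation of inter-request gaps; near zero = machine-regular timing
    if len(times) < 4 or times[0] == times[-1]:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    return statistics.pstdev(gaps) / statistics.mean(gaps)

def analyse(lines):  # flag (client, host) flows that beacon to a host no other client visits, or carry an encoded UA
    flows, clients_per_host = defaultdict(list), defaultdict(set)
    for line in lines:
        ts, client, host, ua = LINE.match(line).groups()
        flows[(client, host)].append((datetime.fromisoformat(ts), ua))
        clients_per_host[host].add(client)
    findings = {}
    for (client, host), events in flows.items():
        cv = beacon_score(sorted(t for t, _ in events))
        beacon = cv is not None and cv < 0.1 and len(clients_per_host[host]) == 1
        encoded = any(encoded_payload(ua) for _, ua in events)
        if beacon or encoded:
            findings[(client, host)] = {"beacon": beacon, "encoded_ua": encoded}
    return findings
```

Running `analyse(LOG_LINES)` flags only the 10.0.0.7 flow, for both reasons, while the irregular browser traffic to cdn.example.com stays clean.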