Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data. Credit: Metamorworks / Getty Images New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon sidewalk and other consumer-grade services that connect to corporate networks due to a lack of visibility. The research also discovered a novel use of Houdini malware to spoof devices and exfiltrate data within the user agent field, a method often undetected by legacy security systems. The findings come as vast numbers of employees continue to work from home and connect to corporate networks remotely.What is Amazon Sidewalk?Amazon Sidewalk is a free service (currently only available in the US) that extends internet connection of low-power, long-range, low-data Amazon devices such as certain Echo and Ring models beyond a home network to a local, shared network. Operating in the 900 MHz LoRa spectrum, it uses a small amount of a user’s internet, shares it with nearby Amazon devices and creates a mesh network to keep devices connected to the internet when a home-based internet connection is down or has weak connection.Amazon Sidewalk security risksAmazon stated, “Preserving customer privacy and security is foundational to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data travelling on the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users secure. However, according to Cato Network’s Q2/21 SASE Threat Research Report, potential security issues surrounding its use can undermine effective risk assessment. Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, tells CSO, “The threat Sidewalk poses from a security standpoint is the inherent lack of visibility IT has into the data stream. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it hard to mitigate those risks because anything happening in the Sidewalk tunnel will be invisible to IT.” When a CISO lacks visibility of what device types connect to the organization’s network, there is no way of knowing what risks they may introduce, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to neighbor’s networks? Those (and others) are all unknowns because the devices themselves are unknown.” Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers patch and update the software?” The firm detected hundreds of thousands of Sidewalk flows with some enterprises having hundreds of such devices.With regards to mitigating the risks posed to network security by consumer services and device spoofing linked to Houdini malware, Maor says CISOs need to be looking for threat symptoms found in the network layer. “C&C communications, for example, carry some telltale signs such as periodic communication with servers rarely visited by users in domains of poor reputation. By looking for the symptoms and not the explicit attack signature you’ll be able to detect Sidewalk threats. Context sharing between network and security products is key here.” Related content news Google launches Google Threat Intelligence at RSA Conference The new addition to Google Cloud Security is designed to give security teams information to inform approaches to protecting against external threats, managing attack surfaces, and mitigating digital risks. By Sascha Brodsky May 06, 2024 4 mins Google Cloud Functions Cloud Security Security Software brandpost Sponsored by Elastic Search + RAG: The 1-2 punch transforming the modern SOC with AI-driven security analytics AI is modernizing how SOCs function, triaging countless alerts down to a handful of attacks that matter most. By Mike Nichols, Product for Security at Elastic May 06, 2024 3 mins Artificial Intelligence how-to Download the Zero Trust network access (ZTNA) enterprise buyer’s guide From the editors of our sister publication Network World, this enterprise buyer’s guide helps network and security IT staff understand what ZTNA can do for their organizations and how to choose the right solution. By Josh Fruhlinger and steve_zurier May 06, 2024 1 min Zero Trust Access Control Network Security news Germany blames Russian hackers for months-long cyber espionage The attacks by Russia-backed Fancy Bear used an Outlook exploit to compromise several German officials’ accounts. By Shweta Sharma May 06, 2024 4 mins Advanced Persistent Threats Hacker Groups PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe