Research warns consumer-grade services can undermine risk assessment of corporate networks amid remote working as Houdini malware spoofs devices to exfiltrate data.

Credit: Metamorworks / Getty Images

New research from security firm Cato Networks has highlighted potential security risks surrounding the use of Amazon Sidewalk and other consumer-grade services that connect to corporate networks due to a lack of visibility. The research also discovered a novel use of Houdini malware to spoof devices and exfiltrate data within the user agent field, a method often undetected by legacy security systems. The findings come as vast numbers of employees continue to work from home and connect to corporate networks remotely.

What is Amazon Sidewalk?

Amazon Sidewalk is a free service (currently only available in the US) that extends the internet connection of low-power, long-range, low-data Amazon devices such as certain Echo and Ring models beyond a home network to a local, shared network. Operating in the 900 MHz LoRa spectrum, it uses a small amount of a user’s internet, shares it with nearby Amazon devices and creates a mesh network to keep devices connected to the internet when a home-based internet connection is down or has a weak connection.

Amazon Sidewalk security risks

Amazon stated, “Preserving customer privacy and security is foundational to the design of Amazon products and services, and Amazon Sidewalk provides multiple layers of privacy and security to secure data travelling on the network and to keep customers safe and in control.” As such, it has implemented technologies such as data minimization, encryption, and trusted device identities to keep Amazon Sidewalk users secure. However, according to Cato Networks’ Q2/21 SASE Threat Research Report, potential security issues surrounding its use can undermine effective risk assessment.
Etay Maor, cybersecurity researcher and director of security strategy at Cato Networks, tells CSO, “The threat Sidewalk poses from a security standpoint is the inherent lack of visibility IT has into the data stream. Sidewalk is too new to know what vulnerabilities might exist, and CISOs and their teams will find it hard to mitigate those risks because anything happening in the Sidewalk tunnel will be invisible to IT.”

When a CISO lacks visibility of what device types connect to the organization’s network, there is no way of knowing what risks they may introduce, he says. “Are they infected? Do they have current anti-malware software? What about the fact that it connects to neighbor’s networks? Those (and others) are all unknowns because the devices themselves are unknown.”

Another potentially risky aspect of the Sidewalk service is the lack of data control, he adds. “Where does the data go? How do third-party developers patch and update the software?” The firm detected hundreds of thousands of Sidewalk flows, with some enterprises having hundreds of such devices.

With regard to mitigating the risks posed to network security by consumer services and device spoofing linked to Houdini malware, Maor says CISOs need to be looking for threat symptoms found in the network layer. “C&C communications, for example, carry some telltale signs such as periodic communication with servers rarely visited by users in domains of poor reputation. By looking for the symptoms and not the explicit attack signature you’ll be able to detect Sidewalk threats. Context sharing between network and security products is key here.”
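The network-layer symptom Maor describes, periodic communication with servers rarely visited by users, can be checked over flow logs. The following is an added example, not code from Cato Networks or the article; the flow records are constructed, the function names and thresholds are assumptions, and domain reputation is left out because it needs an external feed.

```python
from collections import defaultdict
from statistics import mean, pstdev

def sample_flows():
    """Constructed flow records: (epoch_seconds, source_host, destination_domain)."""
    flows = []
    hosts = ["host-a", "host-b", "host-c", "host-d"]
    for i in range(12):
        # Regular ~300 s check-ins from one host to a domain nobody else visits.
        flows.append((1000 + i * 300 + (i % 3), "host-a", "rare-periodic.test"))
    for n, host in enumerate(hosts):
        for i in range(12):
            # Regular polling by every host: periodic but common, so not suspicious.
            flows.append((1000 + i * 60 + n, host, "common-periodic.test"))
    for ts in (1010, 1050, 1900, 1960, 3400, 3410, 4800):
        # Human-like bursts from one host: rare but irregular.
        flows.append((ts, "host-b", "rare-irregular.test"))
    return flows

def find_beacon_candidates(flows, min_events=6, max_jitter=0.10, max_host_share=0.25):
    """Return (host, domain, mean_gap, jitter) for periodic flows to rarely visited domains."""
    times = defaultdict(list)    # (host, domain) -> timestamps
    visitors = defaultdict(set)  # domain -> hosts that contacted it
    for ts, host, domain in flows:
        times[(host, domain)].append(ts)
        visitors[domain].add(host)
    total_hosts = len({host for _, host, _ in flows})
    hits = []
    for (host, domain), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few events to judge periodicity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg  # coefficient of variation of the intervals
        host_share = len(visitors[domain]) / total_hosts
        # Both symptoms must hold: regular timing AND a destination few hosts use.
        if jitter <= max_jitter and host_share <= max_host_share:
            hits.append((host, domain, round(avg, 1), round(jitter, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_beacon_candidates(sample_flows()):
        print(hit)
```

Neither condition alone is enough on this sample: the polling domain is periodic but contacted by every host, and the irregular domain is rare but shows no fixed interval.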