Cybersecurity auditors and experts from the Office of the Inspector General have just published a report on how they stealthily conducted cyber intrusion attacks by exploiting weaknesses and vulnerabilities found in the wireless networks used by the U.S. Department of the Interior. The report says:
“Our evaluation revealed that the Department did not deploy and operate secure wireless network infrastructure, as required by the National Institute of Standards and Technology (NIST) guidance and industry best practices”
The security auditors were able to successfully carry out a couple of attacks, such as eavesdropping, evil twin, and password cracking, on various networks of different bureaus under the Department.
More worrying is that all these simulated attacks were carried out without being noticed by security guards or IT security staff in charge of the Department's facilities.
The report further highlights that failing to implement the standard network security guidelines as required by the National Institute of Standards and Technology (NIST) is considered careless and negligent. For example, the report calls out the Office of the Chief Information Officer (OCIO) for failing to perform its roles and responsibilities in ensuring that the Department has access to a secure network.
What will also blow your mind is that the devices the security auditors used to intrude into the Department’s network cost as little as $200 each. It is really surprising to see how such cheap devices could be used to compromise such a massive network infrastructure.
For the full report click here.
The truth is, network security threats are still real and highly worrying.
The audit performed by the IG’s team reveals only a small aspect of the problem. The techniques and tools used by the auditors are well known to industry experts and hackers alike. They have been used for many years in what are called “Parking Lot” attacks, which, as the name hints, require the attacker to gain physical proximity to the targeted network. However, the introduction of countless wireless devices into networks all around the world over the past few years creates the opportunity for Remote Wireless Attacks. In this type of attack, a remote attacker gains control of an Internet-connected device with wireless capabilities, such as a security camera installed by a building manager, ill-configured printers, etc. (such devices can be easily identified using an IoT search engine like Shodan). In the next step of the attack, the attacker downloads open-source attack tools onto the pwned device and launches Evil Twin, password cracking, or other wireless attacks against any wireless network in the proximity. Thus, an insecure device at one office can be used for launching wireless attacks against a neighboring office or even a neighboring building. This screenshot is a good example of how a specific model of IP cameras can be used to remotely launch wireless attacks against almost any area in the US.
(Map is taken from https://ipvm.com/reports/hik-hack-map)
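From the defender's side, the Evil Twin case described above can be caught by comparing what is heard in the airspace against an inventory of sanctioned access points. The following is an added example, not taken from the report or the original article; the SSID, BSSIDs, inventory layout and scan records are all constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the radio that sent the beacon
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "WPA2-PSK", "OPEN"
    rssi_dbm: int

# Assumed inventory of sanctioned APs per protected SSID (constructed values).
AUTHORIZED = {
    "CorpNet": {
        "02:00:00:aa:00:01": {"channel": 1, "security": "WPA2-Enterprise"},
        "02:00:00:aa:00:02": {"channel": 6, "security": "WPA2-Enterprise"},
    }
}

def find_evil_twin_candidates(beacons, authorized=AUTHORIZED):
    """Return (beacon, reason) for beacons that advertise a protected SSID
    but do not match the sanctioned inventory."""
    findings = []
    for b in beacons:
        inventory = authorized.get(b.ssid)
        if inventory is None:
            continue  # not one of our SSIDs, out of scope for this check
        expected = inventory.get(b.bssid.lower())
        if expected is None:
            findings.append((b, "unknown_bssid"))       # new radio using our name
        elif b.security != expected["security"]:
            findings.append((b, "security_mismatch"))   # e.g. downgraded to OPEN
        elif b.channel != expected["channel"]:
            findings.append((b, "channel_mismatch"))    # possible cloned BSSID
    return findings

# Constructed scan results, as a wireless sensor might report them.
SAMPLE_SCAN = [
    Beacon("CorpNet", "02:00:00:aa:00:01", 1, "WPA2-Enterprise", -48),
    Beacon("CorpNet", "02:00:00:AA:00:02", 6, "WPA2-Enterprise", -55),
    Beacon("CorpNet", "02:00:00:bb:00:99", 6, "OPEN", -40),
    Beacon("CorpNet", "02:00:00:aa:00:01", 11, "WPA2-Enterprise", -35),
    Beacon("GuestCafe", "02:00:00:cc:00:10", 11, "OPEN", -70),
]

if __name__ == "__main__":
    for beacon, reason in find_evil_twin_candidates(SAMPLE_SCAN):
        print(f"{reason}: {beacon.ssid} {beacon.bssid} ch{beacon.channel} "
              f"{beacon.security} {beacon.rssi_dbm} dBm")
```

Access points that select their channel automatically will trigger the channel check, so that rule only suits deployments with a fixed channel plan.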
This brings us to an important question: what will corporate network airspace security look like in the growing era of evolving threats?
Although robust network security is being used by organizations today, some threats are left open:
Unauthorized access to the corporate network through its airspace
Hijacking networks and devices
Data leakage through the proximity of the corporate
Security starts with taking the necessary precautions and deploying products in a multi-layer approach. As we saw above, many organizations make it easier for threat actors to intrude into their corporate network by letting attackers intrude into their corporate network airspace.