DRONE BASED SOPHISTICATED CLOSE ACCESS ATTACK
Human ingenuity has no end, and when aided by innovative and workable technology it can even put sci-fi to shame. Drones are currently used for a variety of purposes, but their use for hacks and breaches still seems to fall in the realm of the imaginary. Going beyond imagination is the mettle hackers are made of. If they decide to break into a network or gain access, they will. Their working philosophy is that methodology, effort and resources can be sorted out, and their demonstrated capability to date proves it. The latest hack news belongs to that realm.
Hackers used Wi-Fi drones to penetrate a financial firm’s network remotely. Drones have become much more obtainable. They can carry payloads, and the whole operation would not cost a bomb compared with the damage it is likely to inflict. Current drones are capable of carrying Wi-Fi Pineapples and pen kits. Drone penetration kits are a new attack vector and have become a viable option for covertly placing intrusion equipment near a network. Hacking drones have moved from research to reality in the wild. One such incident happened this summer, when a drone-enabled attack compromised an investment firm. The incident was not disclosed.
It was discovered that the company’s internal Confluence page was exhibiting strange behavior. Confluence is web-based remote collaboration software. During the investigation, two drones were discovered on the roof of the building: a modified DJI Matrice 600 and a modified DJI Phantom. The Matrice had crashed but remained operational, and the Phantom had landed safely. Each carried a perfect payload for its task. The Matrice was outfitted with a penetration kit (pen kit) consisting of a Raspberry Pi, a GPD mini laptop, a 4G modem, a Wi-Fi device and several batteries. The Phantom was equipped for the network side, carrying a WiFi Pineapple, a network penetration testing device developed by Hak5.
The two drones worked in tandem from even before the attack. The Phantom intercepted an employee’s credentials and Wi-Fi a few days before the attack. The stolen information was then coded into the Matrice drone’s penetration equipment. From the roof, the Matrice drone compromised the company’s page using the employee’s MAC address and access credentials. Further stealthy data-stealing operations met with only limited success. The compromised employee’s MAC address was logged in locally and also from his home miles away. This was a red herring for the security team. They isolated the Wi-Fi signal and used a Fluke tester to trace the device to the roof.
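The condition described above, one employee MAC address active on the office Wi-Fi while the same MAC is also connected from home, can be checked mechanically. The following is an added example, not part of the original article: it assumes session records exported from wireless and remote-access logs in a hypothetical (user, MAC, source, start, end) form, and all sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records, not taken from the incident.
# Assumed layout: (user, client MAC, source, session start, session end)
SESSIONS = [
    ("asmith", "02:00:00:00:00:01", "remote_vpn",  "2000-01-10 08:55", "2000-01-10 17:30"),
    ("asmith", "02-00-00-00-00-01", "onsite_wifi", "2000-01-10 10:05", "2000-01-10 11:40"),
    ("bjones", "02:00:00:00:00:02", "onsite_wifi", "2000-01-10 09:00", "2000-01-10 12:00"),
    ("bjones", "02:00:00:00:00:02", "remote_vpn",  "2000-01-10 19:00", "2000-01-10 21:00"),
]

def norm_mac(mac):
    """Normalise MAC notation so differently formatted log sources compare equal."""
    return mac.lower().replace("-", ":")

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def find_conflicts(sessions):
    """Return one alert per pair of time-overlapping sessions that share a
    MAC address but come from different sources (on-site vs. remote)."""
    by_mac = defaultdict(list)
    for user, mac, source, start, end in sessions:
        by_mac[norm_mac(mac)].append((parse(start), parse(end), source, user))

    alerts = []
    for mac, recs in by_mac.items():
        recs.sort()  # order by session start time
        for i, (a_start, a_end, a_src, a_user) in enumerate(recs):
            for b_start, b_end, b_src, b_user in recs[i + 1:]:
                if b_start >= a_end:
                    break  # sorted by start: nothing later can overlap a
                if a_src != b_src:
                    alerts.append({
                        "mac": mac,
                        "users": sorted({a_user, b_user}),
                        "sources": sorted({a_src, b_src}),
                        "overlap": (b_start, min(a_end, b_end)),
                    })
    return alerts

if __name__ == "__main__":
    for alert in find_conflicts(SESSIONS):
        begin, end = alert["overlap"]
        print(f"{alert['mac']} {alert['users']} active via "
              f"{alert['sources']} from {begin} to {end}")
```

Sessions that use the same MAC on-site and remotely at different times, like the second constructed user, are not flagged; only simultaneous presence is.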
WITH DRONE-ENABLED HACKS AND RANSOMWARE ALREADY ON THE RAMPAGE, WE ARE HEADING TOWARDS CYBER-INSECURE TIMES.