Hackers use Wi-Fi drones to remotely penetrate the intranet of a financial company | VN-Zoom | Technology Knowledge and Computer Software Sharing Community



duongdx

Earlier this week, The Register reported on a drone attack that took place this summer. The affected private investment company has stayed silent, however, and agreed to discuss the incident with security personnel only under a confidentiality agreement. Reportedly, a network administrator noticed at the time that the company's Confluence page was showing strange behavior on the LAN. Confluence is web-based remote collaboration software developed by Atlassian.
Security personnel reportedly found two drones on the roof of the building: a modified DJI Matrice 600 and a modified DJI Phantom. The former had crashed but was still operating, while the latter had landed safely.
Subsequent investigation found that the Matrice 600 carried a penetration kit consisting of a Raspberry Pi, a GPD mini laptop, a 4G modem, a Wi-Fi device, and several batteries.
The Phantom, in turn, carried a Wi-Fi Pineapple, a network penetration testing device developed by Hak5.
Greg Linares, a security researcher who was in contact with the company's IT team, said that a few days earlier the attacker had used the Phantom and its Wi-Fi penetration device to intercept an employee's credentials.

The attacker then built the stolen information into the penetration device carried by the Matrice, and used the employee's MAC address and access credentials to break into the company's Confluence page from the roof.
The attacker evidently browsed the Confluence log and tried to steal more login information in order to connect to other devices on the company's intranet. Fortunately, the attackers made only limited progress.
When the administrator noticed that the MAC address of the affected employee's device was logged in both locally and at a remote location several miles away, he immediately realized that the company's network had been attacked.
After isolating the Wi-Fi signal, the security team used a Fluke tester to track down and locate the penetration equipment on the roof.

Greg Linares said that this was the third drone-based cyber attack he had seen in the past two years.
However, there is no need to panic. The attack succeeded in this case only because the victim enterprise was using a temporary network on which security measures had not been properly deployed.
And even with this fragile network, the attackers spent several weeks lying low to carry out 'internal reconnaissance'.
To sum up, such an attack requires that the threat actor be physically close to the target location, have a sufficient budget, and know the physical security restrictions of the victim enterprise.
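The check that exposed this intrusion, one MAC address logged in at two distant locations at once, can be automated over authentication logs. The following is an added example, not part of the original post or The Register's report; the log format, site names, MAC addresses and the 15-minute travel threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

MIN_TRAVEL = timedelta(minutes=15)  # assumed minimum time to move between sites

# Constructed sample log (not incident data): time, event, MAC, user, site
SAMPLE_LOG = """\
2024-01-15T09:02:11 login aa:bb:cc:11:22:33 jdoe branch-office
2024-01-15T09:05:40 login aa:bb:cc:44:55:66 asmith hq-floor3
2024-01-15T09:20:03 login AA:BB:CC:11:22:33 jdoe hq-rooftop-guest
2024-01-15T12:30:00 logout aa:bb:cc:44:55:66 asmith hq-floor3
2024-01-15T13:10:00 login aa:bb:cc:44:55:66 asmith branch-office
"""

def parse(line):
    """Return (time, event, mac, user, site), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or parts[1] not in ("login", "logout"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2].lower(), parts[3], parts[4]

def find_split_presence(log_text, min_travel=MIN_TRAVEL):
    """Flag a MAC seen at a second site while still logged in at the first,
    or sooner after leaving the first site than min_travel allows."""
    last = {}    # mac -> (site, time of last event, session still active?)
    alerts = []
    for ts, event, mac, user, site in sorted(filter(None, map(parse, log_text.splitlines()))):
        prev = last.get(mac)
        if event == "logout":
            if prev and prev[0] == site:
                last[mac] = (site, ts, False)
            continue
        if prev and prev[0] != site:
            prev_site, prev_ts, active = prev
            if active or ts - prev_ts < min_travel:
                alerts.append({"mac": mac, "user": user,
                               "sites": (prev_site, site),
                               "gap_s": int((ts - prev_ts).total_seconds()),
                               "concurrent": active})
        last[mac] = (site, ts, True)
    return alerts

if __name__ == "__main__":
    for alert in find_split_presence(SAMPLE_LOG):
        print(alert)
```

In the sample, only the first MAC is flagged: it logs in on the rooftop guest network while its branch-office session is still open, whereas the second user logs out and reappears elsewhere 40 minutes later.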
 

