Cybersecurity expert Jay Bavisi comments that after the 9/11 terrorist attacks, he began to wonder what a digital event of such magnitude would be like. He was specifically concerned about how a massive cyber attack might affect e-commerce businesses and companies. This was the genesis of the International Council of E-Commerce Consultants, which later became the EC Council. This institution is now dedicated to training cybersecurity professionals. In fact, it’s probably the world's most recognized technical certification body in our sector. That’s why its reports and publications are always recommended to anyone associated with the sector.
The EC Council recently shared content analyzing four types of wireless cyber attacks that cybersecurity and forensics professionals need to know about. At WatchGuard we want to go beyond the EC Council's proposal: we have published an eBook where we address six categories of Wi-Fi threats, several of which coincide with the Council’s categories. These six threats are as follows:
- Evil Twins: A malicious access point (AP) mimics a legitimate one by spoofing its SSID and MAC address. If the victim falls for the hoax, hackers can then intercept data traffic, steal credentials or inject malware. An incident of this nature occurred three years ago when Russian intelligence agents stole laptop credentials from anti-doping agencies, nuclear energy companies and chemical laboratories using this technique.
- Misconfigured access points: In busy networks where new access points are being deployed, administrators can make configuration mistakes such as broadcasting an SSID without encryption or leaving the AP with default settings. This can expose sensitive information that hackers could intercept.
- Rogue APs: These are wireless access points that have been installed without authorization from administrators. This can be done through a software-created AP that is then linked to the network, or through a physical connection if the hacker manages to connect directly to routers and servers.
- Rogue user: This refers to any user who has previously been connected to a Rogue AP within the scope of a private network. These users may have been exposed to malware and then transmit it once they connect to a different network, such as their company's network.
- Neighboring Access Point: This involves legitimate users connecting to Access Points on wireless networks close to their location, such as those in nearby venues or cafes. The threat occurs because they are outside the organization's cybersecurity perimeter and such networks may not have sufficient cybersecurity measures in place.
- Ad Hoc Networks: Users create a Wi-Fi P2P connection to connect directly to each other, e.g. two employees connecting without informing the company's IT team. It may mean that they do not comply with any of the organization's cybersecurity measures, thus exposing themselves to hackers.
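The AP-side categories above can be told apart by comparing a wireless scan against an inventory of authorized access points. The following is an added example, not code from WatchGuard or the EC Council: the `Beacon` fields, the inventory, the sample scan and the fixed channel plan are constructed assumptions, and the "rogue user" category is left out because it needs client association data.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str             # MAC address of the AP radio
    encryption: str        # "OPEN", "WPA2" or "WPA3"
    channel: int
    adhoc: bool = False    # beacon advertises an ad hoc (peer-to-peer) network
    on_wire: bool = False  # same MAC also seen on the wired LAN

# Constructed inventory: BSSID -> (SSID, assigned channel); assumes a fixed channel plan.
AUTHORIZED = {
    "aa:bb:cc:00:00:01": ("CorpNet", 36),
    "aa:bb:cc:00:00:02": ("CorpNet", 149),
}
CORP_SSIDS = {ssid for ssid, _ in AUTHORIZED.values()}

def classify(b: Beacon) -> str:
    """Map one observed beacon to a threat category from the list above."""
    if b.adhoc:
        return "ad hoc network"
    known = AUTHORIZED.get(b.bssid.lower())
    if known is not None:
        ssid, channel = known
        if b.ssid == ssid and b.channel != channel:
            # Authorized SSID and MAC heard on an unassigned channel: suspected clone.
            return "evil twin"
        if b.encryption == "OPEN" or b.ssid != ssid:
            return "misconfigured AP"
        return "authorized"
    if b.on_wire:
        return "rogue AP"
    if b.ssid in CORP_SSIDS:
        return "evil twin"
    return "neighboring AP"

def findings(scan):
    return [(b.bssid, b.channel, c) for b in scan if (c := classify(b)) != "authorized"]

SCAN = [  # constructed sample scan
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2", 36),
    Beacon("CorpNet", "aa:bb:cc:00:00:01", "WPA2", 6),
    Beacon("CorpNet", "aa:bb:cc:00:00:02", "OPEN", 149),
    Beacon("CorpNet", "de:ad:be:ef:00:01", "WPA2", 11),
    Beacon("printer-setup", "de:ad:be:ef:00:02", "OPEN", 1, on_wire=True),
    Beacon("CafeGuest", "de:ad:be:ef:00:03", "OPEN", 6),
    Beacon("laptop-share", "02:11:22:33:44:55", "OPEN", 11, adhoc=True),
]
```

Calling `findings(SCAN)` returns one tuple per beacon that needs attention; the first beacon matches the inventory exactly and is filtered out.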
In this context, where more and more Wi-Fi networks are open or have few cybersecurity measures in place, attackers can spread malware on organizations' systems much more easily. This can compromise data and cause damage that is very costly, a diagnosis also shared by the EC Council.
That's why organizations need to have a Trusted Wireless Environment (TWE) that is properly managed and secured. Fortunately, WatchGuard's Cloud-Managed Secure Wi-Fi Solutions are the answer: these solutions enable you to create a complete Wi-Fi network that will be fast, easy to manage and, most importantly of all, secure. In addition, they provide total network visibility, allowing detailed troubleshooting of any anomalies that occur, which means any problems can be resolved quickly. By deploying these solutions, organizations will be much better prepared for wireless threats, an increasingly common gateway for both small and large cyber attacks that have always been a concern for professionals like Jay Bavisi.