Story image

Hackers exploit wireless networks, steal valuable information

28 Jan 16

Wireless networks are vulnerable, there’s no way around it, but there are steps organisations can take to better protect themselves, according to Netscout’s Fluke Networks Enterprise Solutions.

Terence Grey, Netscout Fluke Networks Enterprise Solutions system engineer, says, “If you have Wi-Fi, then you definitely have vulnerabilities. The point is to know what they are and have a solution in place so you know when you’re being attacked, and can mitigate the risk and consequences.

“It’s no coincidence that security incidents are increasing at a faster rate than ever before and are costing organisations significantly more.

“These increases match the growth of the wireless industry: the more we have connected people on the web, the more we have security incidents,” he says.

According to Netscout here are four key attack vectors used to hack wireless networks.

Snooping is an attack vector that is mostly undetectable as the attacker is just listening, usually using specialised equipment that is easily obtainable and cheap, says Grey.

It’s most effective against unencrypted networks and can become dangerous because the snooper can capture all of the company’s communications, he says.

Denial of Service (DoS) attacks lets attackers disconnect a single wireless client or all wireless clients from an access point.

These types of attacks have been around since the birth of the internet and are difficult to defend against, Grey says.

As well as denying access, they can also be used to redirect access to a so-called honeypot, which is an access point controlled by hackers, he says.

Cracking describes when hackers attempt to access a network by deducing or obtaining the wireless password.

The best defence against this type of attack is to choose passwords that are long and include multiple types of different characters, numbers, and symbols, Grey says.

Information theft is another key attack vector. Every mobile device is likely to connect to a wireless network at some point, in which case it will transmit different types of information, says Grey.

Hackers then listen to this information, which may include systems access data or sensitive commercial information, he says.

“If an attacker is trying to penetrate a company they’re not going to stick to a single method; they’re going to use multiple strategies.

“Wi-Fi is the lowest-hanging fruit, even if you have enterprise-level security in place. Keep in mind that the people protecting a network need to get it right all the time.

“A hacker only needs to get it right once, and they’re in. This makes it imperative for organisations to put strong security measures in place,” says Grey.

Netscout’s Fluke Networks Enterprise Solutions has identified five best practices for organisations to minimise the risk of being attacked. They are as follows:

  1. Start with a company security policy that specifically includes Wi-Fi.
  2. Create an employee security awareness program and ensure every employee participates.
  3. Practise safe networking with strong encryption and authentication, including client-side certificate validation.
  4. Police the network with a wireless intrusion detection system (WIDS) or wireless intrusion protection system (WIPS).
  5. Perform regular penetration testing to find out exactly where your vulnerabilities are so you can decide how to protect the organisation.
Commerce Commission report shows fibre is hot on the heels of copper
The report shows that as of 30 September 2018 there were 668,850 households and businesses connected to fibre, an increase of 45% from 2017.
Dr Ryan Ko steps down as head of Cybersecurity Researchers of Waikato
Dr Ko is off to Australia to become the University of Queensland’s UQ Cyber Security chair and director.
Businesses in APAC are ahead of the global digital transformation game
“And it’s more about people and culture - about change management - along with investing in the technology.”
HubSpot announces fund for 'customer first' startups
HubSpot is pouring US$30 million (NZ$40 million) into a new fund to support startups that demonstrate ‘customer first’ approach of not only growing bigger, but growing better.
Mac malware on WatchGuard’s top ten list for first time
The report is based on data from active WatchGuard Firebox unified threat management appliances and covers the major malware campaigns.
LearnCoach closes $1.5m seed round
The tutorials are designed for students who want to learn NCEA subjects but can’t make it to a physical classroom.
Bin 'em: Those bomb threat emails are complete hoaxes
A worldwide spate of spam emails claiming there is a bomb in the recipient’s building is almost certainly a hoax.
Marriott sets up call centres to answer questions on data breach
Marriott has released an update on the breach of the Starwood guest reservation data breach which affected 500 million guests.