DDoS via Wi-Fi Phisher

Posted: November 2, 2016 / Author: Dror Liwer

Reconnecting to your wireless router? Beware of Wi-Fi Phishing!

Enterprise access points are often protected by the network security protocols and policies that cover the entire organization. The level of protection achieved is not similar in all businesses because lack of comprehensive knowledge is common and many businesses lack central control. In an era, in which we all work from mobile devices, connecting and communicating via wireless network, security admins have an even difficulty in achieving proper control over all corporate access points.

This creates a unique opportunity for hackers in the vicinity of offices. Cyber criminals both professional and amateur are never far away. Because of close proximity to an access point, your network is susceptible to Wi-Fi phishing and wireless hacking.

If you conduct a Google search, you’ll find extensive resources and automated Wi-Fi hacking tools. This kind of information serves as a “home kit” for would be hackers. As a result, it doesn’t require an experienced hacker to breach  your network; it can be a teenager just trying out wireless hacking for the fun of it.  

The first step to securing your Wi-Fi network, is learning what Wi-Fi phishing is all about.

Phishing is a global cyber security problem that has affected 37.3 million people around the world (in the past year alone).  

The widespread format of phishing we are all familiar with is done via emails. Hackers disguise themselves as your friends and send you an email targeted to get sensitive information. Wi-Fi phishing is a similar strategy, but it’s done by attacking the Wi-Fi network access points.  Hackers are once again disguised as legitimate users, penetrating a wireless network. Once the network is hacked, hackers can monitor activities and copy sensitive and valuable information, undetected.

How does Wi-Fi Phishing Work?

Wi-Fi phishing is a new approach to the old hacking method of a man in the middle. A Wi-Fi phishing attack causes routers to be deauthenticated from their access points, thus forcing a connection to the hackers’ fake access point. When this connection is established, users are asked to submit their access password on a legitimate looking router login page. As soon as the password is secured by the hacker, the blockage is removed and the user can reconnect to the network as always. However, the hacker now also has legitimate access to the network, because a rogue copy of the user’s access point has been created.

Creating a rogue access point is as easy as installing two wireless cards. One is intended to be an access point for the victim, while the other is used to create the blockage of the legitimate router using the Deauth command. Wi-Fi phishing code is readily available on the internet for easy installment.

In another form of Wi-Fi phishing hackers will turn to social engineering to exploit weaknesses in your business chain of security (which is usually the human element). This is a social engineering attack where the Wi-Fi user gets tricked into revealing their password.

A more malicious form of Wi-Fi phishing is called “spear phishing”. In this scenario, the Wi-Fi attack is not random. Cyber criminals will identify and target specific employees with administrative rights in a certain wireless network and use social engineering methods to generate emails that look legitimate, tempting the attacked employees to reveal their authenticating information.

When it comes to advanced persistent threats (APTs), 91% of them start with a successful phishing attack. Hackers use Wi-Fi phishing to bypass the network security, and then they can easily get to valuable information, which may result in generating even more attacks.

When the Wi-Fi network is breached, it isn’t limited to computers in your business. Mobile devices using that network can also get hacked. In fact mobile devices are considered the weak link when securing corporate networks.

How to Protect Your Business?

To protect yourself and your business, you need to train your staff to be alert whenever they access the internet. You can teach them to take certain steps like always checking a link before clicking on it or only entering a username and password over a secure connection to keep fraudsters at bay.

Hackers make a tremendous effort to make emails and webpages look legitimate. However, a way to catch them would be to look at the hyperlinks (because they’ll usually have incorrect spelling or different address to what you’re accustomed to).

Furthermore, teach your staff to avoid conducting sensitive business and logging into a bank accounts over public networks in cafes or hotspots. If you use those networks it will be easier for hackers to use your mobile data to access your sensitive information as data packets in open networks are not encrypted.  

Although the amount of possible threats are abundant, as new technologies continue to enter the market, the race between hackers and security R&D is on with accelerating speed. You can take an extra step to further protect your enterprise by installing a dedicated security solution.

Do you research and learn what solution is best fitted to protect your wireless network.

Previous Next