It’s no mystery that the world of cybersecurity constantly faces a massive challenge. It has to pre-empt attacks, predict how hackers will use new attack vectors, and defend their environment against all existing attacks and attacks that may not even exist yet. To no one’s surprise, no organization is 100 percent covered. In this article, we’re here to go over one of the more obscure, but dangerous and difficult attacks to defend against—airborne attacks.
To cover this subject matter at depth, we spoke to Joe Lea, VP of Product at Armis.
Simply put, airborne attacks are attacks that don’t require human interaction to spread. They’re defined by this method of virality because that quality is what makes them extremely dangerous.
Traditional methods of attack, such as malware, requires a human to download an attachment, such as a compromised word document or PDF for the attack to be successful. Airborne attacks, instead, exploit entry points on devices that give them access to a network. The attack doesn’t require any human to make an error - the vulnerability simply exists on the device.
The most famous example of an airborne attack is Blueborne, first discovered as a zero-day vulnerability by Armis. Blueborne is an attack vector that affects any Bluetooth-enabled devices and the vulnerability allows attackers to jump from device to device, whether or not the Bluetooth is paired with any devices. As long as Bluetooth is on or active, attackers can easily infiltrate a network. Lea notes that Bluetooth-enabled devices number in the billions, making for a significant attack surface.
Because airborne attacks allow hackers to easily infiltrate a network, they can also reach networks known to be more secure, such as air-gapped networks. Airgapped networks are usually contained within a specific server and network, physically separate from an organization’s main networks. That helps secures them from traditional attacks and in the case of a compromised organization. But with airborne attacks, they now face a major vulnerability they have to take into account.
A successful airborne exploit can establish a man-in-the-middle (MITM) attack, allow hackers to take control of the device, spread ransomware and malware, or compromise the device for surveillance, cryptomining, or data exfiltration purposes.
Lea notes that nearly any organization using devices with Bluetooth capabilities, such as speakers, printers, smart tv’s, cameras, and more are all at risk because these devices have become so ubiquitous in all organizations, large and small.
However, the industries, particularly at risk, are industrial, manufacturing, government, and healthcare. This is because most of them rely on a new wave of wireless devices to vastly improve their processes and service. Here’s a brief breakdown.
Technology has vastly improved industrial organizations, especially with the advent of the industrial Internet of Things (IoT). However, these same devices are susceptible to airborne attacks, leaving wireless systems such as industrial control systems (ICS) particularly vulnerable. This risks major damage for municipalities, cities, and utilities.
Manufacturing companies can also succumb to these kinds of attacks. Lea offers a hypothetical scenario where a rival organization can attack an “online thermostat in a large refrigeration unit in a food manufacturer and distributor.” By turning the thermostat off, they’re severely hindering the organization’s business process and potentially costing them a major customer by failing to deliver their product.
Healthcare organizations have seen a major transformation evidenced by IoT, connected devices, and wireless medical devices. But if those medical devices are compromised, then human lives are at risk. The devices could be forced to turn off, spread the wrong information about an individual’s health state, or spread misinformation to a hospital or doctor, leading them to take the wrong action.
Certain government organizations are also at risk due to the vulnerability air-gapped networks face. Nation-states can attack government agencies, industrial systems, and critical infrastructure networks. Government organizations are also most likely to run older versions of operating systems and software, so even if a hacker is using older versions of malware or ransomware like Wannacry and Petya, they may find success via airborne attacks.
Lea also warns that small organizations may be particularly susceptible to these kinds of attacks because of the severity of the vulnerability and the difficulty required to defend against airborne attacks. “If small companies are infected with ransomware [through a successful airborne attack], that’s an existential threat to their business.”
Lea suggests that companies need to “get back to basics” and cover four major areas.
It’s crucial that organizations know and categorize all the devices within their environment, which include corporate and guest networks. You should keep track of devices that sit outside your network and broadcast signals such as WiFi, Bluetooth, SSID, and more. If it can connect to your environment, track it. Asset and device inventory is extremely important.
After categorizing your devices, it’s important to know the ins and outs of them.
This will help you understand where your vulnerabilities lie and will help you patch them before they can lead to a compromise. For example, after Blueborne was announced, many device manufacturers released updates to patch the vulnerability.
Your department should work to understand what kind of attack surface is applicable to your environment. Know what web services and apps are tied to your devices, how these connections are configured, and whether they can connect to a browser or not.
Because many of these devices can’t have software running on them to check for malware or attacks, organizations can’t rely on traditional vendors and solutions responsible for endpoint security. This creates a major gap that leaves organizations vulnerable. To remedy this, organizations should either look to expand the functionality of their existing network segmentation tools, security information management systems, device management solutions, and orchestration and automation tools. Alternatively, they can also find a vendor who specializes in tracking these devices and vulnerabilities.
Airborne attacks are particularly scary but they aren’t something that’s impossible to defend against. Make sure your organization is keeping track of all devices and ensure you have a strategy for your managed and unmanaged assets. Just having the visibility of your devices and knowing what kind of activity is happening between them is extremely important. As is often the case with most cybersecurity challenges, knowing your enemy, your environment, then looking towards vendors and solutions will help you address a new threat.
Interested in learning more about this topic and others? InfoSec World 2020 will be here before you know it, so be sure to mark your calendars and stay tuned to updates here.