Cybersecurity staff at an East Coast financial services company last summer detected unusual activity on its internal Atlassian Confluence page originating inside the company’s network. The MAC address used locally belonged to an employee known to be currently using the same MAC address remotely, according to a security specialist named Greg Linares, who had secondhand information about the attack.
So, the team used a Fluke AirCheck Wi-Fi Tester device to identify the device logged in, which led the team to the roof of the building. And what they found there surprised everybody: Two drones.
One drone was a DJI Phantom with an attached Wi-Fi Pineapple device, commonly used for penetration testing but misused in this case to hijack an internet connection (The device spoofed the legitimate network, and when employees tried to log in to the fake network, they revealed their login credentials). The second drone was a DJI Matrice drone with a connected Raspberry Pi, a tiny GPD laptop, a modem, a Wi-Fi device and some batteries.
(A later investigation revealed that the Phantom drone had been used days before to capture the worker’s credentials undetected.)
Fast action by the security team thwarted a more damaging attack. But the perpetrators were never caught.
How drones can enable cyberattacks
Using drones in cyberattacks was theorized long before real attacks happened. For example, nearly a decade ago, security researcher Samy Kamkar created a drone rig that he called SkyJack, which was designed to use custom software on an attached Raspberry Pi to take control of other drones in flight autonomously.
< ..
Support the originator by clicking the read the rest link below.
