Business people are using Public WIFI at un-precedented levels for collaborating with co-workers, outside suppliers and customers. And, there are many good reasons for Public WIFI; it’s convenient, widely available and free. A recent study showed that 78 per cent of people around the world actively look for Public WIFI sources and of those 72 per cent have complete confidence in connecting without any regard to security.
But, Public WIFI is wrought with security risks and business executive should look for a virtual private network (VPN) that can act as a private gateway to ensure security. Pressure from work also drives people to connect to the first available Public WIFI. A Kaspersky Lab survey found that people are more likely to be robbed of their data than their money when travelling abroad as three in 10 senior business managers have been hit by cybercrime while abroad. According to the Kaspersky research report, cyber criminals target people while abroad as 82 per cent connect to free Public WIFI at airports, hotels, cafes and restaurants that are for the most part unsecured.
To learn more, join the webinar on Protecting Data on Public WIFI, on May 23rd at 1pm EDT, click here to register.
If you plan on taking chances with your data and are willing to connect to Public WIFI lookout for these top five hacks.
Man-in-the-middle is the most prominent hacking attack on Public WIFI today. According to Amit Bareket, the CEO of Perimeter 81, a cloud-based VPN vendor, one out of every five people will be hit using the Public WIFI by this type of attack.
How does it work: Hackers intercept the data packets as they travel from victim to the Public WIFI network? The most common tactic used by the hacker is eaves dropping as the attacker can view your messages.
Recently a European-based gang of cyber criminals where caught by Europol for a Man-in-the-Middle attack that targeted mid-size to large companies in Italy, Spain, Poland, the U.K. and Belgium.
The hackers used social engineering tactics to plant malware onto their networks and fooled these organizations to the tune of $6.8 million.
WIFIPHISHER or Evil Twin
In the Evil Twin scenario there is a wireless access point that looks legitimate. But, it’s rogue. The hacker has tricked you and is now intercepting your valuable data. One of the more common spots for WIFIPHISHER or Evil Twin is the free airport hotspot.
How does it work: You are at a Starbucks coffee shop and you see a WIFI network named Starbucks on your smartphone? It automatically connects because you have been at this Starbucks several times and your device recognizes it. This hack is quite dangerous because it does not need the individual to connect to the free WIFI network.
Bareket said that these types of attacks are usually targeted at someone; imagine your competitor looking to steal data on a new project. WIFIFISHER or Evil Twin is used commonly by the intelligence community to extract secrets from governments and business.
One of the more famous incidents of an Evil Twin attack occurred during the 2016 Republican National Convention where 1,200 attendees connected to the phony I VOTE TRUMP WIFI network that sat outside the convention centre.
A widely used wireless hack, AirCrack-NG is an old but still workable method that compromises the network with a set of tools to extract passwords, which are then used to get into your network to steal data. AirCrack-NG is not just one tool but a suite of tools that can also decrypt passwords and record all packets. And, the NG stands for new generation.
How it works: AirCrack-NG works on just about any access point with a wordlist. Think about it as an unlimited supply of master keys being used to unlock a door. It may be slow but eventually you will get in.
Bareket told EChannelNews that he was 16 years old when he tried AirCrack-NG. He added that it has been used for so long because its straight-forward and does not need any technical knowledge. And, that’s what makes AirCrack-NG scary.
Passive sniffing is an above-board tool created to help monitor traffic in an effort to look at maintenance issues and resolve them. Today, this tool is being used by hackers to steal data.
How it works: the sniffer tool finds data packets usually on a Local Area Network or LAN. Any data transmitted on this network can be captured and viewed by the hacker. The term passive means that the hacker sits and waits for data to be sent and from there it is stolen.
One of the more common ways of passive sniffing is when a hacker goes into the lobby of an office, pulls out his notebook, and connects to the network. Then leaves with company data undetected.
If AirCrack-NG is slow, Cowpathy is fast. Bareket said this hack is an advanced version of AirCrack as it speeds up the capture of WPA2 passwords. It can also compliment AirCrack-NG especially if the hacker is looking to break into a specific network like WPN or WPA2. Cowpathy only works on these types of networks.
How it works: Think of a dictionary of passwords coupled with a boot force attack utilizing all these different passwords.
Bareket added that Cowpathy is a common hack to crack into WIFI. The best way to protect yourself from a Cowpathy hack is to use a random, complex password that includes numbers and symbols.