Are Drone-Led Cyberattacks the Wave of the Future?

Israel recently agreed to purchase a series of F-35 Lightning II Joint Strike Fighter jets from Lockheed Martin, with the first scheduled to arrive later this year. The F-35 Lightning is one of the most advanced fighter jets in the world, reportedly able to conduct electronic countermeasures.

Drone-Led Cyberattacks: An Emerging Threat

The computing capabilities of the F-35 allow for real-time intelligence sharing with both air and ground forces, making this jet a leader in intelligence gathering with meticulous striking capabilities. As the speed of innovation continues to accelerate, it’s easy to imagine this technology becoming available to civilians — not to mention cybercriminals.

Will drones, whether military, commercial or civilian, be used to facilitate targeted physical and logical attacks against organizations in the future? Drones are still relatively new in the consumer space, but the industry is continuously growing.

While every country controls its airspace differently, the Federal Aviation Administration (FAA) suggested that hobbyists and commercial entities in the U.S. should register all drones. As we know, however, criminals and other bad actors don’t follow laws and regulations.

Seeds Have Been Sown

Could fraudsters use drones to attack your network? It’s not that far-fetched. In 2015, leaked email communications revealed that a spyware vendor, Hacking Team, and a subsidiary of Boeing had considered designing a drone capable of intercepting communications and infecting targets using Wi-Fi networks nearby.

Additionally, researchers at Singapore University of Technology and Design have developed a way to deploy drone-led man-in-the-middle (MitM) attacks to eavesdrop on wireless print jobs by exploiting wireless printing networks within organizations. Researchers reportedly conducted this exercise to raise awareness to IT departments of vulnerabilities surrounding unencrypted wireless connections, even within secure office space.

Infiltrating and inserting malicious code into unsecured or improperly secured Wi-Fi networks is a known attack vector for fraudsters and cybercriminals to launch MitM attacks and other exploits. This experiment shows that inexpensive, consumer-owned drones can be used to carry out these types of malicious attacks.

Attacks From the Sky

How can organizations defend themselves against these types of threats? Thankfully, drone-led cyberattacks have yet to become mainstream. However, the prospect highlights the need for a potential shift in organizational security.

In the days before computer technology, bank robbers, shifty employees and economic downturns were the biggest threats to banks and financial institutions. When computer technology emerged along with the World Wide Web, business became global, and financial crime shifted to a mostly faceless, technology-driven threat.

Drones carrying cyberattack technology pose a threat because they could bypass physical controls. Theoretically, a drone could fly above a major bank or financial institution and conduct a malicious cyberattack from the sky. Such an attack would come without warning and be over before your morning coffee is complete.

Fighting Cyberattacks With Cyberattacks

Will organizations have to adopt drone-fighting tactics? Maybe so; there is technology being created to assist in this process. MalDrone, for example, is the first backdoor malware developed to hijack drones remotely. MalDrone can reportedly interact with the drone’s device drivers and sensors silently, allowing the attacker to control the drone remotely.

The technology is unique in that it can attack all drone makes and models, where previous drone malware attacks were specific to a make and model. This would effectively allow organizations to intercept the malicious attack and take the drone down, fighting a cyberattack with a counterattack.

Luckily we are not yet living in a world where the threat of drone-led cyberattacks are mainstream. But threats will continue to evolve as fast as technology is created. We must look into all angles of security, both physical and digital, when devising security plans to keep organizations safe.

Share this Article:
Brooke Satti Charles

Financial Crime Prevention Strategist, IBM Security

Brooke Satti Charles is a Financial Crime Prevention Strategist within IBM Security. Her career has been focused on research and reporting of fraud, money laundering, insurance, terrorist financing, conflicts management, enterprise risk assessments, and regulatory compliance. Brooke holds a Bachelor of Science in Communication and Media Studies from Northeastern University and is currently working to achieve her Masters in Intelligence Studies.