Light Dark
September 7, 2023 By Mike Elgan 3 min read
Risk Management

Cybersecurity staff at an East Coast financial services company last summer detected unusual activity on its internal Atlassian Confluence page originating inside the company’s network. The MAC address used locally belonged to an employee known to be currently using the same MAC address remotely, according to a security specialist named Greg Linares, who had secondhand information about the attack.

So, the team used a Fluke AirCheck Wi-Fi Tester device to identify the device logged in, which led the team to the roof of the building. And what they found there surprised everybody: Two drones.

One drone was a DJI Phantom with an attached Wi-Fi Pineapple device, commonly used for penetration testing but misused in this case to hijack an internet connection (The device spoofed the legitimate network, and when employees tried to log in to the fake network, they revealed their login credentials). The second drone was a DJI Matrice drone with a connected Raspberry Pi, a tiny GPD laptop, a modem, a Wi-Fi device and some batteries.

(A later investigation revealed that the Phantom drone had been used days before to capture the worker’s credentials undetected.)

Fast action by the security team thwarted a more damaging attack. But the perpetrators were never caught.

How drones can enable cyberattacks

Using drones in cyberattacks was theorized long before real attacks happened. For example, nearly a decade ago, security researcher Samy Kamkar created a drone rig that he called SkyJack, which was designed to use custom software on an attached Raspberry Pi to take control of other drones in flight autonomously.

Other tech researchers demonstrated conceptual hacks over the years. But after last year’s hack described above, drone hacking has gotten very real in the war between Russia and Ukraine. That war is considered the first full-scale “hybrid war,” combining military with cyber warfare. And drones play a role in that conflict in the gathering of intelligence, the bypassing of physical security, jamming communications (and drone signals themselves) and the delivery of malware.

In general, drones are useful to cyber attackers because they can perform a range of high-flying functions:

Physical surveillance: Drones equipped with high-quality cameras can be used to observe shift changes, gather information on security protocols and plan physical attacks.

Network sniffing and spoofing: Hackers can equip drones with small, modifiable computers (like a Raspberry Pi) to sniff out information about a Wi-Fi network, such as the MAC addresses and SSID. The drone can then mimic a known Wi-Fi network. If unwitting employees connect to this fake network, hackers can access sensitive information. This approach can be used to bypass security protocols and gain direct access to a network.

Denial-of-Service attacks: Drones can carry devices to perform local de-authentication attacks, a type of Denial-of-Service (DoS) attack that targets communication between a user and a Wi-Fi wireless access point. They can also carry devices to jam Wi-Fi or other communications.

Why the risk grows every year

While Ukrainian ingenuity is pioneering tactics for using consumer drones for cyberattacks, the drone industry itself is rapidly improving drones in ways that make them better suited to that purpose.

Drones are evolving quickly to become quieter and faster, fly further from their operators, fly around all obstacles, track moving objects and take much higher-resolution pictures and videos.

To pick one random, specific example, a cyber attacker could sit in the corner of an office parking lot to track an employee. Using an under-$700 DJI Mini 3 Pro (too light to require registration and folds up to fit into a pocket), the hacker could select the employee’s car and press a single on-screen button to lock on. As the employee drives away, the drone automatically follows and tracks the employee’s car while shooting 4k video as far away as seven miles. Once the employee arrives home, the drone could land on the roof and begin hacking the home network used by the employee’s home office. From there, the attack possibilities are obvious.

Five years ago, this set of capabilities would have cost thousands of dollars. Ten years ago, they would have been impossible.

Consumer drones are evolving quickly to become increasingly valuable to cyber attackers.

How to protect against consumer drone-enabled attacks

As drone-powered cyberattacks transition from theoretical to practical to (in the future) widespread, the time is now to safeguard against this emerging threat. Here’s how:

  • Inspect physical security with drones in mind. Evaluate physical spaces accessible by drones where networks and visual data are exposed.
  • Deploy network segmentation and intrusion detection.
  • Consider wired network connections instead of wireless, where drones could hover or land.
  • Include drone-enabled attacks in penetration testing to discover vulnerabilities.
  • Use privacy screens on user systems where sensitive or credential data might be displayed.
  • Place motion-detection cameras on rooftops to alert about drones if they land.
  • Embrace security standards and controls and best practices like zero trust security architectures.

While solid security practices, tools and services are the best protection, it’s really time to re-think physical security and consider all the many ways drones can defeat it.

 |  |  |  |  |  |  | 
Mike Elgan

More from Risk Management
November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

November 12, 2024

6 Principles of Operational Technology Cybersecurity released by joint NSA initiative

4 min read - Today’s critical infrastructure organizations rely on operational technology (OT) to help control and manage the systems and processes required to keep critical services to the public running. However, due to the highly integrated nature of OT deployments, cybersecurity has become a primary concern.On October 2, 2024, the NSA (National Security Agency) released a new CSI titled “Principles of Operational Technology Cybersecurity.” This new guide was created in collaboration with the Australian Signals Directorate’s Australian Cyber Security Centre (ASD SCSC) to…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature