Alert, Kaspersky Reveals Tactics For Bobol Wi-Fi Network Via Neighbors

Illustration - WiFi router (Photo: Kaspersky)

JAKARTA - So far, from an information security perspective, wireless networks are considered safe, as they require physical access close to the access point to be hacked.

However, recently global cybersecurity firm Kaspersky discovered a new attack tactic called "Nearest Neighbor" which suggests that the perspective is not 100 percent correct.

Kaspersky said that this attack method allows long-range attackers to exploit the company's Wi-Fi network by utilizing vulnerabilities in other organizations located at the same or nearby physical location.

"Even a well-protected wireless network can be an easy entry point for long-range attackers if they first endanger other companies located in the same building or adjacent buildings," Kaspersky said in a written statement.

The attack started with criminals gathering information about the target company, investigating its external perimeter, and possibly finding employee credentials in a leaked password database.

Although attackers cannot find vulnerabilities from targets, as they may use security measures such as two-factor authentication, the company's Wi-Fi network is often a weak point, especially underprotected guest networks.

But the problem is, attackers are on the other side of the world and cannot physically connect to office Wi-Fi.

This is where Neares Neighbor's tactics play a role.

If they are unable to access the company's network that is targeted directly because of the distance, they will look for neighboring organizations with more vulnerable security.

After gaining access to neighboring networks, attackers will search for devices connected to cable networks with wireless modules.

Well, this compromised device will later become a "bridge" for attackers to connect to the target company's Wi-Fi network.

According to Kaspersky, once attackers enter the target network, they can carry out various malicious activities, such as stealing data, encrypting important information, and monitoring employee activities.

"After achieving this initial goal, the attackers can continue with their main goal of stealing information, encrypting data, monitoring employee activities, and more." Kaspersky concluded.