The 'pay-as-you-go' benefits of AWS make hosting a distributed password-cracking platform in the cloud a powerful and affordable tool for network penetration testing. In less than 20 minutes and using a single instance to run a password hacking campaign, testers can recover values that typically result in viable passwords for usernames already in hand. Cloud-based password cracking platforms are blindingly fast, and if they have full access to the password file they can make hundreds, or even thousands of attempts per second.
The best defense against an attacker cracking passwords to access your organization's network is to encourage your employees to refrain from passwords that include:
Learn more about wireless attacks from security consultant Brian Halbach.
Q: Why would an attacker seek to gain access a wireless network before attempting physical access?
Brian: The ultimate goal is to get on their network and start attacking from the inside and well since there's wireless network coverage everywhere, it's easy just to sit on the outside and not raise any security alarms and try to get into the network that way. So in that case, we notice that there are multiple wireless networks, including one without a password on it so we could just connect and so we thought, hey, let's give it a shot.
We kind of took the same mindset an attacker would. An attacker is going to take the path of least resistance and if that path is just sitting in a car out by your company and trying to break into the Wi-Fi, that's going to be the path that they're going to take.
This attack, oftentimes we do this in the day I've done it several times from my actual car. Sit in somebody's parking lot and break into their Wi-Fi and now I'm on their network and now I can try to pivot around to the different areas of a value.
We have multiple different attack vectors that we can take with wireless. We have specialized devices, one called a Wi-Fi Pineapple. We have another little one that's more fun, it's called a pwnagotchi which can help sniff the Wi-Fi network and tell us what's going on. Additionally, we have cloud computing resources that do a hefty sum of password cracking for us.
So unless your password is 22 plus characters, we can generally get into your Wi-Fi then. Generally, it's much easier to sit in a car and not be noticed and get into somebody's Wi-Fi network than it is to pick locks and bypass security alarms and get into an internal building.
Q: What could stop an attacker from accessing a wireless network?
Brian: Yeah, so nowadays there are detections that they can have in place to see that someone doing a wireless attack on my network or someone doing a wireless attack, and they can even pinpoint it down and say, ‘on the east wing of the building, the Wi-Fi attack is occurring.' And then there are some mitigations that can be put in place. One of the interesting ones is that it actually just shuts down some of the Wi-Fi signals and it tells everybody's laptop or cell phone, ‘hey, move to a Wi-Fi access point that's a little bit further away.' That way the bad guys can't do their attacks, so there are good defenses in place, we don't always see them implemented. Oftentimes, it's something that isn't implemented until we do this type of attack and then somebody can actually have the report in their hand and say, ‘Oh wow, I didn't realize how vulnerable this was...' and then they put in defenses.
Q: What are some ways to protect against wireless attacks?
Brian: To help protect against these wireless attacks as I kind of mentioned earlier, there are defenses in place that can help see when these wireless attacks are happening and alert you. Additionally, there are just some interesting choices we've seen companies make. I'm not exactly always sure why you need full Wi-Fi coverage in a four-story parking garage, but that makes it very easy for me to sit on, you know, the third floor in the back corner where no one is there and do a full network pen test.
So also making choices such as restricting your Wi-Fi to only being just around the building instead of fully saturating into the parking garage. Additionally, implementing different types of intrusion detection and intrusion prevention that's built into the Wi-Fi so that when these attacks are happening, you can actively try to stop them from happening. That is also another good route to take to stop them.