Drones Attack: A Growing Cybersecurity Threat

Drones are commonly associated with taking stunning aerial footage or aiding military operations, but did you know that drones can also be used in cyberattacks? With the rise of hardware-based attacks, cybercriminals are increasingly turning to drones as a covert tool to bypass traditional security measures and gain unauthorized access to sensitive data and systems. This escalation in hacking activities adds a new layer of security risks that organizations must address.

The New Era of Hardware-Based Attacks: Drone-Assisted Infiltration

Cybercriminals have long utilized social engineering techniques and exploited the supply chain as infiltration points, but these methods are not always enough. As attacks become more sophisticated, perpetrators have discovered a new tactic: using drones to aid in cyberattacks. Drones allow attackers to remain at a safe distance while targeting systems on the ground, making it harder to detect and stop these cyber attacks.

But how do drones fit into the attack process? While the drone itself doesn’t directly carry out the cyber attack, it plays a pivotal role in enabling other devices to infiltrate networks.

How Drones Assist in Cyberattacks

The real attack device in these scenarios is often a small, inexpensive computer like the Raspberry Pi. This credit card-sized device is commonly used for ethical purposes, but in the wrong hands, it can execute malicious actions when connected to a target system. In an attack in which the perpetrator uses a drone, the Raspberry Pi is attached to the UAV (Unmanned Aerial Vehicle), and targets a wireless keyboard or mouse. How does this all work? It’s all to do with the USB adapter connected to the endpoint that facilitates the wireless mouse or keyboard connection.

The USB dongle is the device that translates mouse movements and keystrokes into actions performed on the computer. Think of it as a conversation. The user moves the wireless mouse, and the USB dongle tells the computer that this is the action the user wants to perform. Hence the screen displays the mouse movements. The same happens when a user presses a key. This happens at such a speed that the entire process appears instant. That is the breakdown of how a wireless mouse or keyboard functions. Essentially, the USB dongle acts as the wireless device’s connection to the endpoint.

This is where the drone comes in. The drone hovers near a targeted wireless mouse/keyboard, and the attached Raspberry Pi remotely spoofs the connection between the mouse/keyboard and the USB adapter. In doing so, the Raspberry Pi disguises itself as a legitimate HID and uses the USB dongle to “connect” to the endpoint.

What Can a Drone Attack Do?

Keylogging

The Raspberry Pi can remotely keylog all of the local user’s keystrokes to mimic them remotely when injecting commands.

Execute Commands

Since the device is now imitating a legitimate HID, it can use the USB dongle the same way that a keyboard does: by performing keystrokes that translate into actions on the endpoint. This enables a variety of attacks, such as malware injection, data breach, cookie harvesting, and intrusion. In more advanced attacks, the perpetrator can inject a payload that creates an out-of-band connection to bypass an air-gapped network.

It is important to note that, even if the local user is only using a wireless mouse (i.e. the keyboard is wired), the attacker can still perform keystrokes to inject payloads since the USB adapter supports keyboard interfaces.
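A defender can check which endpoints accept keystrokes through a receiver by looking at the HID interfaces each USB device declares. The following is an added example, not part of the original article or any vendor's product: the inventory lines, vendor/product IDs, endpoint names and the approved-keyboard policy are all constructed for illustration.

```python
from collections import defaultdict

# USB HID class is 0x03; for boot-interface HIDs, bInterfaceProtocol
# 1 = keyboard and 2 = mouse. Non-boot HIDs (protocol 0) are not classified here.
HID_CLASS = 0x03
PROTOCOL_ROLE = {0x01: "keyboard", 0x02: "mouse"}

# Constructed inventory, one line per USB interface:
# endpoint  vid:pid  bInterfaceClass bInterfaceSubClass bInterfaceProtocol  product
SAMPLE_INVENTORY = """\
ws-014 1111:0001 03 01 01 Example Wired Keyboard
ws-014 2222:0010 03 01 02 Example Wireless Receiver
ws-014 2222:0010 03 01 01 Example Wireless Receiver
ws-014 3333:0100 08 06 50 Example Flash Drive
ws-027 1111:0001 03 01 01 Example Wired Keyboard
ws-027 4444:0020 03 01 02 Example Wired Mouse
"""

# Assumed policy: the only devices approved to act as a keyboard.
APPROVED_KEYBOARDS = {"1111:0001"}


def parse_inventory(text):
    """Group declared HID roles by (endpoint, vid:pid, product)."""
    roles = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        endpoint, vidpid, cls, _sub, proto, product = line.split(maxsplit=5)
        if int(cls, 16) != HID_CLASS:
            continue  # not a human interface device
        role = PROTOCOL_ROLE.get(int(proto, 16))
        if role:
            roles[(endpoint, vidpid, product)].add(role)
    return roles


def unapproved_keyboard_interfaces(text, approved=APPROVED_KEYBOARDS):
    """Return devices that can type on an endpoint but are not approved keyboards."""
    findings = []
    for (endpoint, vidpid, product), roles in sorted(parse_inventory(text).items()):
        if "keyboard" in roles and vidpid not in approved:
            findings.append((endpoint, vidpid, product, sorted(roles)))
    return findings


if __name__ == "__main__":
    for endpoint, vidpid, product, roles in unapproved_keyboard_interfaces(SAMPLE_INVENTORY):
        print(f"{endpoint}: {product} ({vidpid}) exposes {'+'.join(roles)}")
```

On the sample data this reports the receiver on ws-014, which serves a mouse but also declares a keyboard interface. Descriptors are self-declared, so the result maps exposure rather than proving a device is benign.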

Bypassing NAC

The ability to spoof an authenticated device and execute payloads allows the Raspberry Pi to bypass NAC software. The Rogue Device can alter its MAC address and gain network access through an 802.1x bypassing module included in the payload. With precisely placed packets, the perpetrator can sniff the private traffic between two hosts.

Network packet sniffing is often used for reconnaissance purposes as the bad actor can capture data on the targeted network. Moreover, by gaining network access, the device can move laterally across the network to other systems, should the network be shared. In 2018, a major US government agency was hacked using a Raspberry Pi. The device was able to move freely between various systems as the network was not segmented. As a result, the perpetrators stole around 500MB of sensitive data from 23 files over a period of almost a year.

Blind Spots

The persistent attack on the government agency demonstrates the covert nature of such devices and the lack of device visibility present among many organizations. Enterprises are often unaware of all the devices operating within their infrastructure. This is a blind spot that cybercriminals seek to exploit.

More worrisome is that, even if enterprises did have ultimate device visibility, the Raspberry Pi, and other Spoofed Peripherals, can imitate legitimate HIDs which would not raise any security alarms. Hence, it would essentially be impossible to detect the malicious nature of such devices (Bad USB).

UAV Cybersecurity: Protecting Against Drone Malware Attacks

Given the increasing use of drones in cyberattacks, traditional computer-security measures may no longer be sufficient. To mitigate the risk of drone-assisted attacks, organizations need to enhance their hardware asset visibility. By gaining complete visibility into all devices on the network—known and unknown—organizations can identify vulnerable assets and detect malicious activity before it escalates.

Gain Control of Your Asset Risks with Sepio’s Technology

To effectively defend against drone-assisted cyberattacks, it’s crucial to monitor all hardware devices, prioritize risks, and take immediate action against any suspicious activity. Sepio’s patented technology provides comprehensive asset risk management, helping organizations detect and mitigate threats from all devices within their infrastructure.


February 8th, 2021