Hackers aim to exploit any possible loopholes to attack an organization of interest. And sometimes, the loopholes do not have to be in the targeted enterprise but in the network of a close neighbor.
A tactic known as a nearest neighbor attack starts with hackers managing their way into a neighboring network and penetrating the main target of interest using a remote desktop protocol (RDP) from the initially compromised location. By establishing the connection between the networks, the criminals can access the victim’s systems and steal as much data as they please without leaving many traces.
A Case Study: APT28 and the Washington, D.C. Incident
The Attack Unveiled
Bleeping Computer recently revealed that hackers from a government-tied cyber gang known as APT28 executed a nearest neighbor attack on an organization located in Washington, D.C. The incident happened almost three years ago and affected an organization performing Ukraine-related work before the war between the two eastern European countries began.
Overcoming Multi-Factor Authentication (MFA)
The Russia-linked cyber gang, also known as Fancy Bear, was looking for a way to go over the protection of multi-factor authentication (MFA), and eventually did so by executing a nearest neighbor attack. The bad actors hijacked an access point device across the street and logged in to the victim’s WiFi network, paving the way for them to exfiltrate as much data as they pleased. The names of the organizations affected by the attack are unknown.
How the Attack Was Investigated
Cyber security experts discovered that the hackers were only in three WiFi access points on one side of the building, which suggested that the threat was not coming from the inside but was likely from an outside source. The experts initially believed that the bad actors had used a known espionage tactic to physically approach the building in close proximity and hack their way in.
However, after further investigation, they discovered that the hackers had been able to compromise a device right across the street and use it as a launch pad to attack the actual point of interest, essentially establishing the nearest neighbor attack. The hackers, likely located on the other side of the world, were never physically located close to the victim’s network.
Implications and Lessons Learned
The good news is that nearest neighbor attacks require high-level skills, which are available predominantly to government-tied hacker organizations and spy agencies.
Read also: WPA vs. WPA2: Upgrading Your Wi-Fi Security
The bad news is that while international cyber espionage agencies are probably not after your hard-earned money and are likely focusing on more significant projects, tactics used by elite hackers often go mainstream and get adopted by other cyber criminals.
While you can’t force neighbors to protect their networks better, keeping your personal and business security intact is your responsibility.
The post What is a nearest neighbor attack? appeared first on Panda Security Mediacenter.
Article Link: What is a nearest neighbor attack? - Panda Security