Airborne Drones Are Dropping Cyber-Spy Exploits in the WildAirborne Drones Are Dropping Cyber-Spy Exploits in the Wild
Drone-based cyberattacks to spy on corporate targets are no longer hypothetical, one incident from this summer shows.
October 12, 2022
Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information.
Cybersecurity researcher Greg Linares shared a Twitter thread on Oct. 10 providing an overview of a drone-based cyberattack he was privy to over the summer.
He explained it started when an unnamed financial company picked up unusual traffic on its network. A trace of the Wi-Fi signal behind the network activity led the threat hunters to the roof, where two drones were found. One was a modified DJI Phantom carrying what Linares called a "modified Wifi Pineapple device"; the other was a likewise modified DJI Matrice 600 drone loaded with "a Raspberry Pi, batteries, a GPD mini laptop, a 4G modem and another Wi-Fi device," he added.
The cyberattack was partially successful, allowing attackers to target the internal Atlassian Confluence page to get access to credentials and other devices, Linares said. However, the threat hunters found one of the drones damaged, but still functioning.
"The attack was a limited success, and it appears that once the attackers were discovered, they accidentally crashed the drone on recovery," Linares tweeted.
He explained this sort of drone exploit delivery attack probably cost no more than $15,000 to put together.
"Attackers are spending this range of budget in order to target your internal devices and are ok with burning it," he cautioned. "This is the third real-world drone based attack I have encountered in two years."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
The Burnout Breach: How employee burnout is emerging as the next frontier in cybersecurity
Selling Breaches: The Transfer of Enterprise Network Access on Criminal Forums
5 Reasons To Move your PKI Deployment to the Cloud