Adversaries may gain initial access to target systems by connecting to wireless networks. They may accomplish this by exploiting open Wi-Fi networks used by target devices or by accessing secured Wi-Fi networks — requiring Valid Accounts — belonging to a target organization.(Citation: DOJ GRU Charges 2018)(Citation: Nearest Neighbor Volexity) Establishing a connection to a Wi-Fi access point requires a certain level of proximity to both discover and maintain a stable network connection.
Adversaries may establish a wireless connection through various methods, such as by physically positioning themselves near a Wi-Fi network to conduct close access operations. To bypass the need for physical proximity, adversaries may attempt to remotely compromise nearby third-party systems that have both wired and wireless network connections available (i.e., dual-homed systems). These third-party compromised devices can then serve as a bridge to connect to a target’s Wi-Fi network.(Citation: Nearest Neighbor Volexity)
Once an initial wireless connection is achieved, adversaries may leverage this access for follow-on activities in the victim network or further targeting of specific devices on the network. Adversaries may perform Network Sniffing or Adversary-in-the-Middle activities for Credential Access or Discovery.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CEK-03 | Data Encryption | mitigates | T1669 | Wi-Fi Networks |
Comments
This control provides cryptographic protection for data-at-rest and data-in-transit within the cloud environment. Encryption ensures the confidentiality and integrity of data, preventing unauthorized access or tampering. Ensuring that cloud-managed Wi-Fi or cloud-based networking traffic is encrypted appropriately can mitigate adversary exploitation of Wi-Fi networks.
References
|
| DSP-10 | Sensitive Data Transfer | mitigates | T1669 | Wi-Fi Networks |
Comments
The control describes the implementation of strong technical and procedural safeguards, such as TLS with strong keys)to protect sensitive data during transfer and prevent unauthorized access or interception. For this technique, Ensure that all wired and/or wireless traffic is encrypted appropriately. Use best practices for authentication protocols, such as Kerberos, and ensure web traffic that may contain credentials is protected by SSL/TLS. Further mitigation may include separating networking environments for Wi-Fi and Ethernet-wired networks for access to sensitive resources.
References
|