Small unmanned aerial vehicles (UAVs) will increasingly evolve from novelty items to “ubiquitous business tools” over the coming years, explained defense contractor Booz Allen Hamilton in a new 2020 Cyber Threat Trends Outlook report.
However, as they do, cyber-criminals may also look to take advantage by flying them close to target networks and/or landing them in concealed locations such as on roofs. In this way, a UAV could be fitted with a Wi-Fi Pineapple and used as a rogue access point to harvest credentials, perform man-in-the-middle attacks against employees and carry out network reconnaissance, the report warned.
IoT devices such as smart light bulbs, or even wireless mice, could also be targeted.
“Drones equipped with specially fitted hardware and software may also be used to install malicious malware on systems or disrupt system’s operations, particularly devices that are vulnerable to exploitation of wireless protocols like Bluetooth and ZigBee,” the report claimed.
“The requirement for both the attacker and the drone to be in proximity to a target (e.g., Bluetooth has an estimated maximum range of 300 feet) will limit the frequency with which drone-based attacks will be used, but the threat nonetheless remains real.”
To mitigate the threat, Booz Allen Hamilton urged organizations to consider training physical security staff to spot drones, deploying signal jamming and treating their airspace as an extension of the corporate attack surface.
“For small office/home office wireless networks, operators may consider mitigations commonly used to address war-driving attacks, such as turning off the wireless network when not in use, updating administrator passwords on routers regularly, and using security measures such as wireless traffic encryption and firewalls,” it added.
Elsewhere in its report, the IT consulting giant warned of a growing risk to satellite infrastructure, connected cars, the upcoming Tokyo Olympics and digital elections.