Drones are the future of cybercrime

The Ukrainian military is teaching the world how to creatively use drones for battlefield offense and defense. Ukraine has built a vast arsenal of drones customized for precision strikes, reconnaissance, and kamikaze missions.

But this innovation also extends to cybersecurity offense and defense.

The world’s malicious cyber attackers are learning from the Ukrainian example. And so should everyone in IT, especially those focused on cybersecurity.

How Ukraine uses drones in the cybersecurity realm

New reports from Ukraine claim that the military is now embedding malware into drones to disrupt Russian systems and defend against cyberthreats. When captured, the drones sabotage enemy hardware by burning out USB ports, blocking reprogramming, or even hijacking control systems to expose operator locations if their enemy tries to reuse them. Some malware even embeds vulnerabilities that can be later exploited remotely.

These customizations add enormous friction to the Russian practice of repurposing seized Ukrainian drones while simultaneously gathering intelligence for Ukraine.

Before the war, Ukraine had a strong cybersecurity industry with a lot of expertise. And it’s now integrating global expertise. For example, the company Periphery has donated tech to the Ukrainian cause. Periphery is a UK-based cybersecurity firm specializing in military-grade threat management systems for IoT devices, offering embedded AI-driven solutions that monitor, adapt, and protect critical infrastructure. Periphery technology is now protecting Ukrainian drones from hacking and interference.

In the beginning, Ukraine sent simple consumer drones into battle to capture video or drop grenades. These days, drones are increasingly outfitted with offensive and defensive cyber capabilities that come into play if an opponent hacks or captures them.

The use of malware in drones is a perfect example of how small code scripts can have a big impact when embedded in flying computers.

But wait, you say. What does this have to do with me?

Let me tell you a little story first told on X by security researcher Greg Linares.

During the summer of 2022, an East Coast financial services company specializing in private investments became the target of a new kind of cyberattack involving drones. The incident came to light when the company’s cybersecurity team detected unusual activity on its internal Atlassian Confluence page. The activity appeared to originate from within the company’s network, but the same MAC address was simultaneously being used remotely by an employee working from home.

The security team acted quickly, deploying a Fluke AirCheck Wi-Fi Tester to trace the rogue signal. The investigation led them to the roof of their building, where they discovered two modified drones: a DJI Phantom and a DJI Matrice 600. The Phantom drone was equipped with a Wi-Fi Pineapple device (a tool typically used for penetration testing, but abused here to spoof the company’s legitimate network). This allowed attackers to intercept login credentials when employees unknowingly connected to the fake network. The Matrice drone carried a more extensive payload, including a Raspberry Pi, a GPD mini laptop, a 4G modem, additional Wi-Fi devices, and batteries.

Later, the team discovered that the Phantom drone had been used days earlier for reconnaissance, capturing an employee’s credentials and Wi-Fi access without detection. These credentials were then hardcoded into the tools deployed on the Matrice drone. The attackers aimed to exploit these credentials to access the company’s internal Confluence page and potentially other resources stored there.

The attack was thwarted, but the perpetrators were never caught.
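The tell that exposed the rooftop drones was a single client MAC address that appeared on the office LAN and on the remote-access VPN at the same time. The following detector is an added example (not from the article or the company involved) that correlates constructed LAN and VPN log lines in an assumed format and flags any MAC seen on both sides within a short window:

```python
"""Flag a client MAC that appears on the office LAN and on the remote-access
VPN at almost the same time. Sample log lines are constructed; the log format
is an assumption, not any vendor's real format."""
import re
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<source>lan|vpn)\s+.*?mac=(?P<mac>[0-9a-f:]{17})", re.I)

# Constructed sample: one MAC shows up via DHCP on the LAN and, 38 s later,
# on the VPN from an employee's home. The other MACs behave normally.
SAMPLE_LOGS = [
    "2022-07-12T09:14:02 lan dhcp-lease ip=10.20.4.17 mac=aa:bb:cc:dd:ee:01",
    "2022-07-12T09:14:40 vpn connect user=jdoe mac=aa:bb:cc:dd:ee:01",
    "2022-07-12T09:15:10 lan dhcp-lease ip=10.20.4.22 mac=aa:bb:cc:dd:ee:02",
    "2022-07-12T17:30:00 vpn connect user=asmith mac=aa:bb:cc:dd:ee:03",
    "2022-07-13T08:05:00 lan dhcp-lease ip=10.20.4.31 mac=aa:bb:cc:dd:ee:03",
]


def parse(lines):
    """Yield (timestamp, source, mac) for lines that match the assumed format."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["source"].lower(), m["mac"].lower())


def find_mac_collisions(lines, window=timedelta(minutes=5)):
    """Return {mac: (lan_ts, vpn_ts)} for MACs seen on both sides within `window`."""
    seen = {}  # mac -> {"lan": [timestamps], "vpn": [timestamps]}
    for ts, source, mac in parse(lines):
        seen.setdefault(mac, {"lan": [], "vpn": []})[source].append(ts)
    hits = {}
    for mac, by_src in seen.items():
        for lan_ts in by_src["lan"]:
            for vpn_ts in by_src["vpn"]:
                if abs(lan_ts - vpn_ts) <= window:
                    hits[mac] = (lan_ts, vpn_ts)
    return hits


if __name__ == "__main__":
    for mac, (lan_ts, vpn_ts) in find_mac_collisions(SAMPLE_LOGS).items():
        print(f"ALERT {mac}: on LAN at {lan_ts}, on VPN at {vpn_ts}")
```

A legitimate device can only be in one place, so a hit is either a spoofed MAC (as with the Pineapple on the roof) or a credential reused from a second machine; either way it deserves a look.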

To be clear, the attack itself wasn’t especially exotic; it was the kind of attack an insider could have carried out. What made it unique was that by lashing hardware to drones, attackers could easily overcome physical security and remain anonymous.

Even more surprising, that wasn’t even the first time drone hacking had been demonstrated.

Back in December of 2013, security researcher Samy Kamkar unveiled a project called SkyJack, a drone-hacking system that could autonomously take control of other drones mid-flight. Using a Parrot AR.Drone 2.0, a Raspberry Pi, and custom software, Kamkar demonstrated how consumer drones could be taken over. His system exploited the unencrypted Wi-Fi connections used by Parrot drones, disconnecting their rightful operators and assuming control to create what he described as an “army of zombie drones” under his control.

The SkyJack system worked by scanning for nearby Wi-Fi signals associated with Parrot drones. Once they were identified, it used open-source tools such as Aircrack-ng to perform a “deauthentication attack,” severing the link between the drone and its original pilot. Kamkar’s software then impersonated the pilot, taking over the drone’s controls and accessing its live video feed. The entire process was automated.

It’s time to face the reality of drone-based cyberattacks

The rapid evolution of consumer drone technology is reshaping its potential uses in many ways, including its application in cyberattacks.

Modern consumer drones are quieter, faster, and equipped with longer battery life, enabling them to operate further from their operators. They can autonomously navigate obstacles, track moving objects, and capture high-resolution imagery or video.

For example, the DJI Mini 4 Pro, which typically costs around $750, can fly over 12 miles away from the person controlling it and take 4K video at 100 frames per second. It can also automatically follow a car at speeds of up to 35 miles per hour while avoiding all obstacles.

The opportunity is obvious. One example: A cyberattacker could attach hacking gear to such a drone and have it follow an employee home after work. It could then land on the roof of that person’s home and hack a computer in the home office that tunnels into the company network.

And there are so many other uses for drones in cyberattacks:

  • Network sniffing and spoofing: Drones can be equipped with small, modifiable computers such as a Raspberry Pi to sniff out information about Wi-Fi networks, including MAC addresses and SSIDs. The drone can then mimic a known Wi-Fi network, and if unsuspecting individuals or devices connect to it, hackers can intercept sensitive information such as login credentials.
  • Denial-of-service attacks: Drones can carry devices to perform local de-authentication attacks, disrupting communications between a user and a Wi-Fi access point. They can also carry jamming devices to disrupt Wi-Fi or other wireless communications.
  • Physical surveillance: Drones equipped with high-quality cameras can be used for physical surveillance to observe shift changes, gather information on security protocols, and plan both physical and cyberattacks by identifying potential entry points or vulnerabilities. Thermal imagers can even detect temperature variations to locate sensitive equipment such as servers.
  • Data interception: Drones can be modified to intercept various wireless communications, including Wi-Fi, Bluetooth, and RFID signals, to steal data. For example, a drone could target Bluetooth-connected keyboards to record keystrokes and potentially obtain usernames and passwords.
  • Delivery of malicious hardware: Drones can carry and drop off small devices like Raspberry Pis or Wi-Fi Pineapple devices near a target building to infiltrate networks from within close proximity. These devices can then be used to conduct various cyberattacks.
  • Delivery of malicious software: While less well documented for consumer drones, the concept of weaponized drones carrying malware (as in the Ukraine conflict) suggests a potential path for malicious actors.
  • Attacking physical infrastructure supporting cyber systems: Drones could be used to physically attack infrastructure that supports cyber operations, such as rooftop cooling systems for data centers, causing disruptions that could lead to data loss or system failures.
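Both SkyJack and the denial-of-service item above depend on forged deauthentication frames, which are easy to spot on the defender’s side because a real access point almost never sends dozens of them in under a second. This added example (not from the article, Kamkar, or any vendor) runs a sliding-window counter over a constructed list of simplified frames of the form (time, subtype, bssid, destination), as a monitor-mode capture would supply them:

```python
"""Detect deauthentication-frame bursts of the kind SkyJack-style takeovers
and rogue-AP attacks rely on. Frames are a constructed sample in a simplified
(time, subtype, bssid, dst) form; a real feed would come from a monitor-mode
capture. Added example, not from the article."""
from collections import deque

# Constructed sample: normal traffic for one AP, then 12 deauths in ~0.55 s
# aimed at a single client, all claiming to come from that same AP.
SAMPLE_FRAMES = [
    (0.00, "beacon", "00:11:22:33:44:55", "ff:ff:ff:ff:ff:ff"),
    (0.10, "data",   "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
    (0.50, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
] + [
    (0.55 + 0.05 * i, "deauth", "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01")
    for i in range(11)
] + [
    (2.00, "deauth", "66:77:88:99:aa:bb", "aa:bb:cc:dd:ee:02"),  # one ordinary deauth
    (3.00, "data",   "00:11:22:33:44:55", "aa:bb:cc:dd:ee:01"),
]


def deauth_bursts(frames, threshold=10, window=1.0):
    """Return {bssid: peak deauth count} for BSSIDs whose deauth rate exceeds
    `threshold` frames inside any `window`-second sliding interval."""
    recent = {}   # bssid -> deque of recent deauth timestamps
    peaks = {}
    for ts, subtype, bssid, _dst in sorted(frames):
        if subtype != "deauth":
            continue
        q = recent.setdefault(bssid, deque())
        q.append(ts)
        while q and ts - q[0] > window:   # drop timestamps outside the window
            q.popleft()
        if len(q) > threshold:
            peaks[bssid] = max(peaks.get(bssid, 0), len(q))
    return peaks


if __name__ == "__main__":
    for bssid, count in deauth_bursts(SAMPLE_FRAMES).items():
        print(f"ALERT {bssid}: {count} deauth frames within 1 s")
```

Enabling 802.11w (Protected Management Frames) on the access points makes clients discard unauthenticated deauth frames, so the attack fails even when it is attempted; the counter above still records the attempt.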

Drone-based threats will soon descend from the sky to attack your network and data security. As we enter the age of drone-borne cyberattacks, the time is now to rethink your entire security system, especially physical security — and keep an eye on the sky.
