Cyber Threats Are in the Air: Nozomi Networks Extends Detection to the Wireless Attack Surface

Cyber Threats Are in the Air: Nozomi Networks Extends Detection to the Wireless Attack Surface

Wireless is the greatest unanswered cybersecurity threat to critical infrastructure security, from IoT devices to smart cities to data lakes. Whether it’s wireless tools and robots on factory floors, drones used to monitor pipelines in remote oil fields or electric utilities wirelessly monitoring and managing their customers’ energy consumption, industrial organizations rely on wireless technologies every day to enable the seamless communication.

Unfortunately, most organizations today can only detect wireless threats when they connect to a wired network. This delays the ability to find and address problems sooner and in cases where operations are completely wireless, the threat may not ever be detected until the damage is done. That’s why Nozomi Networks has developed Guardian Air – a wireless sensor that provides OT and IoT environments much-needed visibility into wireless networks and devices.

The Growing Attack Surface

Efficiency and connectivity have driven the adoption of real-time data monitoring, remote-control for distributed equipment, and increased communications between systems, machines, and networks. While the benefits of wireless technology are undeniable, the integration of these systems into industrial and critical infrastructure environments has expanded the attack surface for malicious actors as well as created opportunities for unintended harm caused by employees and third-party suppliers.

In January, the Security Service of Ukraine asked owners and operators of webcams to stop broadcasting from their devices after Russian agents hacked into apartment building webcams in Kyiv to gather air defense information ahead of a missile attack on the city. Security researchers have separately analyzed at least three drone-based incidents whereby unknown actors attached rogue access points to nearby drones to probe networks and discover relevant exploitable vulnerabilities.

The increased use of wireless connections – sensors, controllers, IoT and more – opens the door for a broad array of new wireless-specific attacks, such as unauthorized access, antenna-for-hire, segmentation hopping, jamming and interference, evil twin attacks, among others. These are not imaginary risks; Nozomi Networks customers, for example, have shared incidents of stumbling upon LoRaWAN devices on critical production line machinery that the vendor installed for remote maintenance without making the asset owner aware of its wireless access and functionality.

To better understand the anatomy of a wireless attack, below we illustrate an attack using a wireless camera for entry and exploitation.

Some wireless attacks exploit weaknesses of seemingly harmless assets such as cameras to penetrate wireless or wired networks, plant malware, or attack assets inside an organization.

Are you monitoring at the wireless level?  

With increased complexity and stretched budgets, it is increasingly important to make sure you have the full picture of assets and devices accessing your networks and crown jewels. Threat detection and early warning of rogue access at the wireless level can help prevent a more serious intrusion or incident.

To reduce the severity of inevitable threats, Nozomi Networks is thrilled to announced Guardian Air. This multi-spectrum wireless security sensor was designed specifically for global OT and IoT environments. Guardian Air provides the wireless-level visibility OT organizations are lacking into their wirelessly enabled devices. This uniquely developed sensor monitors several prominent wireless frequencies, not just Bluetooth and Wi-Fi, to give you a real-time view of connected sensors, devices, laptops, and cell phones.

With Guardian Air, you can:

  • Continuously monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, Drone RF protocols, WirelessHART and more.
  • Immediately detect wirelessly connected assets and gain asset information to quickly address unauthorized installations.
  • Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking – with the added ability to determine the location of the devices performing the attacks.
  • Seamlessly integrate wireless data into a single OT & IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks.

Convenience and speed-to-productivity will continue to drive the deployment of wireless technologies across industrial organizations. Guardian Air helps keep wireless deployments secure by providing accurate visibility at the wireless level to minimize risk while maximizing resiliency. Guardian Air integrates easily into the Nozomi Networks Vantage platform, providing customers with combined network, endpoint and wireless visibility, threat and anomaly detection. Paired with our patented AI-powered analysis for real-time security management and remediation across the entire attack surface, asset owners are enabled than ever to proactively respond to security threats.

Guardian Air wireless sensors will be available this spring. In the meantime, we invite you learn more by registering for our February 14th webinar or scheduling a demo with us.