Today is World WiFi Day, and with the evolving cyber threat landscape of the past year, networks are facing new challenges originating from hybrid and remote work.
As employees use their home WiFi to connect to enterprise networks, they have the potential to increase the attack surface at their organization.
Andy Thompson, Global Research Evangelist at CyberArk, tested the resilience of home WiFi networks around the San Francisco area. Using a PMKID hash harvesting technique, Thompson was able to access 6% of home networks tested.
“More than just a danger to the individual, the ability to crack WiFi networks is now a danger to organizations,” said Thompson. “We now live in the world of hybrid work, which has expanded an already porous corporate security perimeter.”
“The routers that were susceptible to this attack are used by households and businesses worldwide. Worse, this hack was undetectable and couldn’t have been stopped by two-factor authentication, making it incredibly powerful. The risk to a business lies in an attacker infiltrating a network and then moving laterally to high-value applications or data, such as a billing system.”
“Another possible vector is for the attacker to gain initial access to a remote user’s WiFi and then jump to the user’s computer and wait for a VPN connection, or for the user to go to the office and move laterally from there.”
Using strong passwords is a critical step to ensuring network security, according to Thompson. For more network security tips, click here.