Research shows the vast majority of Wi-Fi networks are vulnerable to a popular type of denial-of-service (DoS) attack that is frequently deployed in larger cyber intrusion efforts.
A new report from Nozomi Networks that analysed telemetry from hundreds of OT and IoT environments found 94% of Wi-Fi networks lacked the proper protections against deauthentication attacks.
Deauthentication attacks are a form of DoS attack that targets openings in network protocols to force devices off the network and disrupt operations.
The report noted that these attacks are often leveraged in the opening stages of larger, more devastating attacks, softening up the organization’s defenses for future attempts to infiltrate their network.
“They leverage a built-in feature in the Wi-Fi protocol, specifically in the management frames used for communication between devices and access points. By transmitting fake deauthentication frames, attackers can force devices to disconnect from the network,” the report explained.
“This can escalate into more severe disruptions, such as data interception and unauthorized access, especially when combined with additional malicious actions.”
Nozomi added that the crux of the problem lies in that only 6% of the observed wireless networks featured management frame protection (MFP), which it describes as a crucial security feature that prevents attackers from spoofing management frames.
This means that virtually all networks, including those that underpin critical national infrastructure (CNI), are vulnerable to malicious attacks, the report warned.
“The vast majority of wireless networks, including those in mission-critical environments, remain highly exposed to these kinds of attacks. In healthcare, for example, vulnerabilities in wireless networks could lead to unauthorized access to patient data or interference with critical systems,” Nozomi said.
“Similarly, in industrial environments, these attacks could disrupt automated processes, halt production lines or create safety hazards for workers.”
Wireless security is a critical priority
The report warned that in light of recent attacks from state-linked threat groups targeting networks at CNI organizations, wireless network security has emerged as a critical factor in bolstering resilience.
In recent years, groups like Volt Typhoon and Salt Typhoon have been responsible for compromising network infrastructure at organizations across a range of critical sectors in the US and further afield.
The groups are linked to attacks on the US telecoms industry, where the attackers are said to have recorded conversations of very senior political figures, as well as established persistence on the networks of organizations that make up the US electricity grid.
The report highlighted a number of the other common threats used to target wireless networks. For example, attackers can deploy rogue access points to impersonate legitimate networks and trick devices into connecting to them and exposing sensitive information.
Jamming attacks are another popular method where malicious actors overwhelm wireless networks in order to force downtime and operational disruptions.
The report also warned eavesdropping attacks, where communications on unencrypted wireless protocols are intercepted, allow threat actors to steal credentials, read sensitive data, or monitor operations.
Nozomi emphasized that the modern threat landscape requires a shift from static to dynamic security measures, which includes implementing a risk reduction strategy, prioritizing anomaly detection and response, strengthening endpoint security, and applying network segmentation to limit the reach of attacks from botnets.
Organizations should strengthen wireless network security with regular audits and this should include prioritizing mitigating common threats, such as deauthentication attacks.
