Unpacking the Recent Oakland Ransomware Attack

Today, we’re here to talk about the recent ransomware attack that hit Oakland, California. Now, before you start to panic, let’s break down what happened and what it means for the city.

First things first: what is ransomware? Essentially, it’s a type of malware that hackers use to gain control of a computer system or network. Once they have control, they encrypt all of the data on that system and demand a ransom in exchange for the decryption key. In other words, they hold your data hostage until you pay up.

About the Oakland Ransomware Attack

Now, let’s get back to Oakland. On April 27th, the city of Oakland announced that they had been hit with a ransomware attack. The attack affected the city’s email systems, phone lines, and some of its websites. The city’s emergency services were not affected, but the attack did cause significant disruptions to non-emergency services.

The ransom demand was not disclosed, but the city did say that they would not be paying it. Instead, they are working with law enforcement and cybersecurity experts to investigate the attack and restore their systems. The city has also urged residents to be cautious of potential scams and phishing attempts that may arise as a result of the attack.

Could NAC Have Stopped the Oakland Ransomware Attack?

While network access control (NAC) is not a silver bullet that can prevent all cyber attacks, it can be an effective tool in deterring certain types of attacks, including ransomware attacks like the one that hit Oakland.

With NAC, organizations can require that devices connecting to their network meet certain security standards, such as having up-to-date anti-virus software or not being known to be infected with malware. This can help prevent infected devices from accessing the network and spreading the ransomware to other systems.

In the case of the Oakland ransomware attack, it’s possible that NAC could have helped prevent the attack or at least minimize its impact. By enforcing security policies and requiring that all devices connecting to the network meet certain security standards, the city could have made it more difficult for the attackers to gain access to their systems.
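The posture checks described above, worked through as an added Python example (not code from the original post or from Portnox): a small admission routine that places each connecting device in a production or remediation VLAN based on its anti-virus state, patch level, inventory enrolment and a threat-feed list of infected devices. All thresholds, VLAN names, MAC addresses and device records are constructed assumptions.

```python
"""Posture-based admission decision of the kind a NAC policy makes at connect time.

Added illustration, not code from the original post or from Portnox. The
thresholds, VLAN names, device records and the 'known infected' list are all
constructed assumptions for this example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

# Assumed policy thresholds.
MAX_SIGNATURE_AGE = timedelta(days=3)           # stale AV signatures fail posture
MIN_OS_BUILD = {"windows": 19045, "macos": 14}  # minimum patch level per OS
PRODUCTION_VLAN = "vlan-corp"
REMEDIATION_VLAN = "vlan-quarantine"            # reaches only patch and AV servers

# Constructed stand-in for a threat-feed list of devices known to be infected.
KNOWN_INFECTED = {"aa:bb:cc:00:00:99"}

TODAY = date(2023, 5, 1)                        # fixed so the example is deterministic


@dataclass
class Device:
    mac: str
    managed: bool               # enrolled in the organization's device inventory
    os_name: str
    os_build: int
    av_running: bool
    av_signature_date: date


@dataclass
class Decision:
    action: str                 # "allow", "quarantine" or "deny"
    vlan: Optional[str]
    reasons: List[str]


def evaluate_posture(dev: Device, today: date = TODAY) -> Decision:
    """Admission decision for one device.

    Order matters: a device on the infected list is denied outright; posture
    failures and unmanaged devices land in the remediation VLAN, where the
    device can update and then re-authenticate; only a clean, managed device
    reaches the production segment.
    """
    if dev.mac in KNOWN_INFECTED:
        return Decision("deny", None, ["listed as infected by threat feed"])

    reasons: List[str] = []
    if not dev.av_running:
        reasons.append("anti-virus not running")
    elif today - dev.av_signature_date > MAX_SIGNATURE_AGE:
        reasons.append(f"anti-virus signatures older than {MAX_SIGNATURE_AGE.days} days")

    min_build = MIN_OS_BUILD.get(dev.os_name)
    if min_build is None:
        reasons.append(f"unsupported OS '{dev.os_name}'")
    elif dev.os_build < min_build:
        reasons.append(f"OS build {dev.os_build} below required {min_build}")

    if not dev.managed:
        # Self-reported posture from an unenrolled device cannot be trusted, so it
        # is restricted even when the values it reports look fine.
        reasons.append("device not enrolled in inventory")

    if reasons:
        return Decision("quarantine", REMEDIATION_VLAN, reasons)
    return Decision("allow", PRODUCTION_VLAN, ["posture checks passed"])


# Constructed sample of devices attempting to connect.
SAMPLE_DEVICES = [
    Device("aa:bb:cc:00:00:01", True, "windows", 19045, True, TODAY - timedelta(days=1)),
    Device("aa:bb:cc:00:00:02", True, "windows", 19045, True, TODAY - timedelta(days=10)),
    Device("aa:bb:cc:00:00:03", True, "windows", 19041, True, TODAY),
    Device("aa:bb:cc:00:00:04", False, "macos", 14, True, TODAY),
    Device("aa:bb:cc:00:00:99", True, "windows", 19045, True, TODAY),
]


def admit_all(devices: List[Device] = SAMPLE_DEVICES) -> Dict[str, Decision]:
    """Evaluate every connecting device and return decisions keyed by MAC."""
    return {d.mac: evaluate_posture(d) for d in devices}


if __name__ == "__main__":
    for mac, dec in admit_all().items():
        print(f"{mac}: {dec.action:10s} vlan={dec.vlan} ({'; '.join(dec.reasons)})")
```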

Of course, it’s impossible to say for sure whether NAC would have prevented the attack in this specific case. Cybercriminals are constantly developing new tactics and techniques to bypass security measures, and there is always a risk that they will find a way to infiltrate even the most secure networks.

That said, NAC can still be a valuable tool in deterring cyber attacks and minimizing their impact. By implementing NAC alongside other security measures, organizations can create a layered defense that makes it much more difficult for attackers to gain access to their networks and data.

While the full impact of the attack is still being assessed, it serves as a reminder that ransomware attacks are a real threat to organizations of all sizes. In fact, the number of reported ransomware attacks has been on the rise in recent years. Cybercriminals are constantly looking for new ways to exploit vulnerabilities in computer systems and networks, and it’s up to organizations to take the necessary steps to protect themselves.

What Can You Do to Prevent these Sorts of Attacks?

So, what can you do to protect your organization from a ransomware attack? Here are a few tips:

  • Keep your software up to date: Make sure that you’re running the latest versions of all software on your computer or device. Updates often include security patches that can help protect you from known vulnerabilities.
  • Be cautious of suspicious emails: Phishing emails are a common way for cybercriminals to spread malware. Be wary of emails from unknown senders, and never click on links or download attachments unless you’re sure they’re legitimate.
  • Back up your data: Regularly back up your important files to an external hard drive or cloud storage service. This way, if you do fall victim to a ransomware attack, you’ll still have access to your data.

Overall, the Oakland ransomware attack serves as a reminder of the importance of cybersecurity. While it can be easy to think that it won’t happen to you, the reality is that anyone can fall victim to a cyber attack. By taking the necessary precautions, you can help protect yourself and your organization from the devastating effects of a ransomware attack.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

5G and IoT: Opportunities, Challenges, & the Road Ahead

5G and IoT

The convergence of 5G technology and the Internet of Things (IoT) is poised to reshape the digital landscape, offering unprecedented opportunities for businesses and consumers alike.

As 5G networks roll out, they will provide the necessary infrastructure for IoT devices to communicate faster and more efficiently, enabling a new era of connectivity and innovation. Moreover, the integration of 5G technology is expected to boost the development of Industry 4.0, revolutionizing manufacturing processes and supply chain management through increased automation and data exchange. 

IoT in the 5G Era

According to a GSMA report, 5G technology will play a critical role in the growth of IoT, supporting a diverse range of applications across various industries. With higher bandwidth, ultra-low latency, and improved reliability, 5G networks will enable IoT devices to handle more data and perform more complex tasks, paving the way for innovations in areas such as autonomous vehicles, smart cities, and telemedicine. The integration of both technologies will also significantly impact the agricultural sector, helping to optimize resource management while enhancing sustainable practices.

5G’s Impact on IoT Development & Implementation 

5G holds transformative potential for IoT development and implementation. With faster connection speeds, lower latency, and enhanced reliability, 5G networks can support a wide range of IoT use cases that were previously impossible to achieve. This includes enabling real-time remote control of complex machinery, supporting massive IoT deployments in industrial settings, and facilitating large-scale data processing for predictive analytics.

IoT Security in the Age of 5G

Alongside opportunity and innovation come new challenges for IoT security. The increased connectivity and data transmission capabilities of 5G networks may expose IoT devices to new security vulnerabilities and cyber threats. To address these concerns, businesses must prioritize security measures such as encryption, authentication, and regular software updates to protect their IoT devices and the sensitive data they generate.

Moreover, 5G network providers should adopt a proactive approach to security, implementing advanced threat detection and mitigation strategies to safeguard their networks from cyberattacks. Collaboration between network providers, device manufacturers, and other stakeholders is also essential to ensure a comprehensive and robust approach to IoT security in the 5G era.

Final Thoughts

IoT and 5G present a wealth of opportunities for businesses and consumers, driving innovation across various industries and transforming the way we live and work. By harnessing the power of 5G networks, IoT devices can achieve unprecedented levels of connectivity and efficiency, enabling a new era of digital innovation.

However, as we embrace the benefits, it is crucial to remain vigilant about the security challenges that may arise. By prioritizing IoT security and adopting a collaborative approach to protecting networks and devices, businesses and network providers can unlock the full potential of this powerful convergence while ensuring the safety and privacy of their data.

Don’t Delay Zero Trust! There’s Too Much at Stake.

In today’s fast-paced and ever-changing digital landscape, cybersecurity has become a critical concern for businesses of all sizes. With cyber threats becoming increasingly sophisticated and frequent, companies cannot afford to take a passive approach to security. The threat landscape and attack surface of organizations have grown immensely over the past few years.

In recent years, the concept of “Zero Trust” has gained significant traction as an effective security strategy for businesses looking to protect their assets and data. But despite its benefits, many companies still delay its implementation, putting themselves at risk. We’ll explore why companies shouldn’t delay Zero Trust and the potential consequences of doing so.

The State of Cybersecurity Today

Before we dive into Zero Trust and its challenges, let’s look at the state of cybersecurity to get an idea of what we are dealing with in terms of threats and data breaches.

According to eSentire’s official Cybercrime report, the average cost of cybercrime is predicted to hit $8 trillion in 2023 and rise exponentially to $10.5 trillion by 2025.

As per the IBM Security X-Force Threat Intelligence Report 2022, the most attacked region is Asia Pacific, accounting for approximately 31% of the incidents recorded by IBM’s incident response team.

Figure 1. Incidents by region, 2020-2022. Source: IBM X-Force

Further investigation by IBM revealed that data extortion was the most common impact of attacks on organizations, with phishing the top initial access vector, identified in 41% of cybersecurity incidents.

The Verizon Data Breach Investigations Report further states that ransomware attacks have increased by 13% compared with the last five years.

It is evident from these statistics that cybersecurity incidents and data breaches will not stop and will continue to rise at the same rate as before. To withstand high-volume and complex attacks, organizations must adopt a proactive approach and use security architectures and models such as Zero Trust to mitigate and contain them.

What is Zero Trust?

Zero Trust is a security framework that emphasizes the principle of “never trust, always verify.” It is designed to provide a comprehensive security approach that protects assets and data by ensuring that no user, device, or application is automatically trusted, regardless of whether they are inside or outside the corporate network. Zero Trust operates under the assumption that every access request is potentially malicious and should be thoroughly verified before granting access.

In a nutshell, the Zero Trust model is built around three core principles:

  1. Identify
  2. Verify
  3. Enforce

The first principle, identify, involves identifying all users, devices, and applications that require access to resources. This involves creating a comprehensive inventory of all assets, including data, applications, and services, and mapping out their relationships with each other.

The second principle, verify, involves thoroughly verifying the identity and security posture of all users, devices, and applications before granting access. This involves implementing strong authentication mechanisms, such as multi-factor authentication (MFA) and continuously monitoring all access requests for signs of suspicious activity.

The third principle, enforce, involves enforcing strict access control policies that limit access to resources based on the user’s role, location, and device posture. This involves implementing granular access control policies and micro-segmentation to ensure that each user only has access to the resources they need to perform their job, and nothing more.

Zero Trust is not a single product or solution, but rather a comprehensive security framework that incorporates a range of security measures, such as encryption, network segmentation, and continuous monitoring. It also involves a cultural shift towards a security-centric mindset, where security is seen as a fundamental component of business operations rather than an afterthought. Zero Trust architectures are well suited to, and effective for, critical infrastructure environments, where IT and OT systems are tightly integrated.
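The three principles above (identify, verify, enforce), worked through as an added Python example that is not from the original post and not any vendor’s policy engine: a per-request decision that consults a resource inventory, checks MFA, device posture and location, applies least-privilege role mapping per micro-segment, denies by default, and flags users with repeated denials for review. The inventory, roles, requests and rule thresholds are constructed assumptions.

```python
"""Per-request Zero Trust decision built around identify, verify and enforce.

Added example, not from the original post and not any vendor's policy engine.
The inventory, roles, users, requests and verification rules below are all
constructed assumptions chosen to show default-deny behaviour.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Resource:
    """Identify: an inventoried asset, its micro-segment, allowed roles and
    sensitivity (1 = low, 3 = high)."""
    name: str
    segment: str
    allowed_roles: Set[str]
    sensitivity: int


INVENTORY: Dict[str, Resource] = {
    "hr-payroll": Resource("hr-payroll", "seg-hr", {"hr"}, 3),
    "wiki": Resource("wiki", "seg-corp", {"hr", "engineer", "contractor"}, 1),
    "prod-db": Resource("prod-db", "seg-prod", {"engineer"}, 3),
}


@dataclass
class Request:
    user: str
    role: str
    mfa_passed: bool
    device_compliant: bool     # posture as attested by the device-management agent
    location: str              # "office", "home" or "unknown"
    resource: str


@dataclass
class Verdict:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def verify(req: Request, res: Resource) -> List[str]:
    """Verify identity and device for this specific resource. Assumed rules:
    MFA always; compliant device above low sensitivity; the most sensitive
    resources are never reachable from an unknown location."""
    problems = []
    if not req.mfa_passed:
        problems.append("mfa required")
    if res.sensitivity >= 2 and not req.device_compliant:
        problems.append("non-compliant device for sensitive resource")
    if res.sensitivity == 3 and req.location == "unknown":
        problems.append("high-sensitivity resource blocked from unknown location")
    return problems


def enforce(req: Request, res: Resource) -> List[str]:
    """Enforce least privilege: the role must be on the resource's allow list."""
    if req.role not in res.allowed_roles:
        return [f"role '{req.role}' not permitted on '{res.name}' in {res.segment}"]
    return []


def decide(req: Request) -> Verdict:
    """Default deny: anything not inventoried, verified and permitted is refused."""
    res = INVENTORY.get(req.resource)
    if res is None:
        return Verdict(False, ["resource not in inventory (identify step incomplete)"])
    problems = verify(req, res) + enforce(req, res)
    return Verdict(not problems, problems or ["verified and permitted"])


def flag_repeat_denials(requests: List[Request], threshold: int) -> List[str]:
    """Continuous monitoring: users whose denied requests reach the threshold."""
    denials: Dict[str, int] = {}
    for req in requests:
        if not decide(req).allowed:
            denials[req.user] = denials.get(req.user, 0) + 1
    return sorted(u for u, n in denials.items() if n >= threshold)


# Constructed sample of access requests.
SAMPLE_REQUESTS = [
    Request("alice", "hr", True, True, "office", "hr-payroll"),
    Request("alice", "hr", True, True, "home", "prod-db"),
    Request("bob", "engineer", False, True, "office", "wiki"),
    Request("bob", "engineer", True, True, "unknown", "prod-db"),
    Request("carol", "contractor", True, False, "home", "wiki"),
    Request("carol", "contractor", True, False, "home", "legacy-app"),
]


def run_sample() -> List[Verdict]:
    """Decide every sample request in order."""
    return [decide(r) for r in SAMPLE_REQUESTS]
```

Calling `run_sample()` yields one verdict per request, and `flag_repeat_denials(SAMPLE_REQUESTS, 2)` lists the users whose requests were refused at least twice.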

Challenges faced by organizations to adopt Zero Trust Model

The idea of a Zero Trust security architecture has been around for more than a decade, but its adoption has not increased markedly over the past few years. Many organizations lack basic cybersecurity hygiene, and sooner or later they suffer an inevitable monetary and reputational loss as a result.

Let’s demystify the challenges and the reasons why organizations are still hesitant and delaying adoption of the Zero Trust model despite increasing cyberattacks.

Why do companies delay Zero Trust?

Despite the clear benefits of Zero Trust, many companies delay its implementation for various reasons. One of the primary reasons is the perception that Zero Trust is too complex and time-consuming to implement. Companies may also be hesitant to implement Zero Trust due to the potential disruption to business operations and the need for significant changes to existing security policies and procedures. Additionally, some companies may feel that their existing security measures are adequate, or they may underestimate the severity of cyber threats.

Some of the pertinent challenges faced by organizations to implement zero-trust architectures are discussed below:

  • Complexity: One of the primary challenges of implementing Zero Trust architecture is its complexity. Zero Trust requires an extensive and integrated system of security controls, which is time-consuming and resource-intensive to build. The architecture must be customized to fit each organization’s unique infrastructure, which adds a further layer of complexity. Complexity is typically reduced when the organization has clearly defined trust boundaries for inbound and outbound traffic, has identified its critical assets, and already takes a holistic approach to security through a thorough information security program.
  • Cost: Another significant challenge is the cost of implementing Zero Trust architecture. The architecture requires the integration of several security solutions such as firewalls, intrusion detection systems, and multifactor authentication tools, which can be expensive. On the other hand, the cost also increases if an organization has to replace legacy systems with new ones. Organizations must also allocate sufficient resources to maintain and upgrade the architecture.
  • Lack of skilled personnel: Zero Trust architecture requires skilled IT personnel who are experienced in cybersecurity practices. Unfortunately, there is a shortage of cybersecurity professionals, making it challenging for organizations to find the right people to implement and maintain the architecture. Often the internal controls, processes, and policies are too vague or hard to understand, and the relevant teams lose sight of their actual objective: to implement the desired security controls and protect the organization.
  • Culture: Zero Trust architecture requires a significant shift in an organization’s security culture. The architecture requires all users to adopt new security practices and mindsets, which can be challenging to achieve. Organizations must provide extensive training and awareness programs to ensure that employees are equipped with the necessary skills to implement and maintain Zero Trust.
  • Perception of low risk: Many organizations perceive themselves as low-risk targets for cyber-attacks, leading to a lack of urgency in implementing Zero Trust architecture. This perception often results from a lack of understanding of the potential risks and impacts of a cyber-attack, leading to inadequate investments in cybersecurity solutions.

The risks of delaying Zero Trust

Delaying the implementation of Zero Trust can have severe consequences for companies. With cyber threats becoming increasingly sophisticated and frequent, companies that rely on traditional security measures are at greater risk of security breaches. Hackers can exploit vulnerabilities in the network and gain unauthorized access to sensitive data, resulting in significant financial losses, reputational damage, and legal liabilities.

The consequences of a security breach can be devastating for companies, both in the short and long term. In addition to financial losses, companies may face legal action, regulatory fines, and damage to their reputation, which can have long-lasting effects on their business operations.

Implementing Zero Trust can be a challenging process, but the benefits far outweigh the challenges. Zero Trust provides a comprehensive security approach that ensures the protection of assets and data, regardless of the location or user. By implementing Zero Trust, companies can reduce the risk of security breaches and improve their overall security posture. Zero Trust can also help companies meet compliance requirements and improve their ability to respond to security incidents.

Conclusion

Organizations must take cybersecurity seriously and adopt advanced security solutions such as Zero Trust architecture to protect their data and resources from cyber-attacks. While the implementation of Zero Trust architecture is complex and comes with its own set of challenges and problems, the benefits of implementing it far outweigh the costs. Organizations must carefully consider the risks and rewards of Zero Trust architecture and implement it in a way that ensures the protection of critical resources and data. By doing so, organizations can build a robust and secure cybersecurity posture that protects them from ever-evolving cyber threats.

FDA Bans Sale of IoMT Devices That Fail Cybersecurity Requirements

Picture this. You’re at the hospital, hooked up to a medical device meant to help you. Or you’re walking around with this device planted inside you as you go about your day. But little do you know that hackers could potentially access your personal health information stored in that device or maybe even take control of that device altogether. Scary, right?

Sadly, it’s not just a hypothetical situation. Major MedTech companies like BD, Insulet, and Zoll Medical have already reported cybersecurity vulnerabilities in their devices that could compromise sensitive data or patient outcomes.

This is primarily a case of security needing to catch up with technology. Internet-connected medical devices, often called Internet of Medical Things (IoMT), have become a common feature of the healthcare landscape over recent years and provided many benefits. For example, these devices enable proactive healthcare, leading to better patient outcomes and cost savings while empowering patients to receive care at home.

Still, while the capabilities of these devices are rapidly advancing, their security continues to lag. The situation presents new challenges for MedTech companies and Internet of Things (IoT) security professionals.

Now, the Food and Drug Administration (FDA) is stepping in to ensure that medical devices meet specific cybersecurity guidelines. But what exactly are these new rules? And just how dangerous of a situation is medical device hacking? Let’s get into it.

Strengthening Medical Device Cybersecurity: FDA’s New Guidelines

The FDA has issued new cybersecurity guidelines for medical devices in response to growing concerns about cyber threats to internet-connected products used in healthcare settings. These guidelines are part of the $1.7 trillion federal omnibus spending bill signed by President Joe Biden in December.

Under the new requirements, all new medical device applicants must submit a plan on how they will monitor, identify, and address cybersecurity issues and provide “reasonable assurance” that their devices are protected. They must also make security updates and patches available on a regular schedule, including for critical situations. Additionally, applicants need to provide a “software bill of materials” that lists all the software components used in their devices, including open-source software.

These requirements are aimed at preventing breaches by ensuring that medical device makers have plans in place to address cybersecurity vulnerabilities and quickly roll out updates to mitigate risks. The FDA will begin enforcing these requirements on October 1, 2023, to allow device makers sufficient time to comply.

The new law also mandates that the FDA work with the US Cybersecurity and Infrastructure Security Agency (CISA) to update its existing guidance on cybersecurity in medical devices within two years and periodically update it after that. The FDA must also update its online resources within six months of the bill’s enactment to provide up-to-date information on how healthcare providers and device makers can identify and address vulnerabilities and work with federal agencies to strengthen device security.

Additionally, the US Comptroller General has one year to develop a report identifying challenges in cybersecurity for devices and providing suggestions for how government agencies can help minimize these challenges for manufacturers, healthcare providers, and patients.

What IoMT Devices Are Vulnerable to Cyber-Attacks?

One example that highlights the vulnerability of medical devices to cyber attacks is the case of former Vice President Dick Cheney’s heart defibrillator. In 2007, cautious doctors replaced Cheney’s defibrillator and modified it to disable the wireless feature to prevent potential terrorists from sending a signal to the device and causing harm. This incident highlighted the serious risks associated with internet-connected medical devices, as hackers could potentially gain unauthorized access and manipulate the device’s settings, leading to life-threatening consequences.

Other IoMT devices, such as insulin pumps and infusion pumps, are also vulnerable to cyber-attacks. These devices often have wireless connectivity to allow for remote monitoring and adjustments, but this can also create potential entry points for hackers to exploit. For example, a cyber attacker could potentially hack into an insulin pump and administer an incorrect dosage, leading to dangerous fluctuations in blood sugar levels.

The reasons why IoMT devices are vulnerable to cyber-attacks are multifaceted. Many medical devices use outdated or legacy software systems that may not have the latest security patches or updates, making them susceptible to known vulnerabilities. Additionally, manufacturers may prioritize functionality and ease of use over security measures, resulting in inadequate protection against cyber threats.

Moreover, the rapid pace of technological advancements in the healthcare industry can outpace the development of robust cybersecurity measures, leaving IoMT devices vulnerable to emerging threats.

Embracing a Security Mindset

These new FDA rules will give MedTech companies the push to adopt a security-centric mindset. However, that’s not to say that MedTech companies have been burying their heads in the sand when it comes to IoT security. In a Deloitte study into the top priorities of medical technology companies, cyber readiness ranked joint-top, beating research and development and global markets.

MedTech companies will likely start implementing robust authentication protocols and stringent access controls across all IoMT devices to ensure patient data can’t fall into the wrong hands. Similarly, strong data encryption is crucial for protecting patient information and preventing unauthorized access. All data transmitted between IoMT devices, as well as data stored on the devices or in the cloud, should be encrypted using robust encryption algorithms.

Regular security audits to identify and address any potential vulnerabilities in IoMT devices will also become far more common. This can include penetration testing, vulnerability scanning, and code reviews to identify and fix potential security flaws.

Lastly, regular updates and patches (as outlined by the FDA) will become the new norm. Essentially, MedTech companies will regularly update medical devices with the latest security patches and firmware updates. This helps to address known vulnerabilities and protect against known exploits.

The Real Cost of a Data Breach

How much does a data breach really cost? When we look at it, cyberattacks generally are summed up in dollars and cents. It’s easy to throw out numbers, facts, and figures that encapsulate the overall threat landscape and what it means to enterprise security. However, the intangible costs of a data breach, which could be even more costly in the long run, also need to be considered.

A recent Gartner report revealed that 88% of companies now consider cybersecurity a direct threat to business operations. Beyond the financial ramifications of a breach, it could compromise your reputation and the trust of your customers. In fact, according to Cybersecurity Ventures, 60% of small businesses go out of business within six months of a cyber attack.

In addition to the financial losses, enterprises would have to contend with the cost of the following: The losses add up as an enterprise struggles to repair the damage and get it back on its feet.

But how do these attacks happen in the first place?

Enterprises typically have security measures in place, but more is needed. An IBM study showed that a jaw-dropping 79% of critical infrastructure organizations didn’t deploy a Zero Trust architecture. As a result, these organizations experienced an average of $5.40 million in breach costs. In addition, Verizon’s Data Breach Investigations Report showed that the human element is a pivotal contributor to data breaches, with misconfigured cloud storage, the use of stolen credentials, phishing, and human error being the primary culprits. Furthermore, 19% of breaches were due to a compromised third-party business partner.

How to prevent such losses

  1. Implement a Zero Trust architecture, such as Zero Trust Network Access (ZTNA): ZTNA’s “security without borders” approach continuously verifies all devices and users, including third-party vendors, before granting them access to the network.
  2. Implement a comprehensive cyber-resilience plan: Creating and maintaining a clear, concise, and manageable incident response plan is critical for reducing the damage and cost of a data breach. This plan should include the who, what, when, where, why, and how to act during a data breach or attack.
  3. Educate staff: From the C-suite down, train staff on cybersecurity best practices, such as identifying phishing emails, using strong passwords, and avoiding risky online behavior.
  4. Automate: From patches and updates to monitoring and reporting, the more you can automate systems and procedures, the less likely you are to fall victim to human error.
  5. Verify third-party vendors: Ensure all third-party partners with access to your network follow their own cybersecurity best practices and procedures.
With cyber-attacks becoming a regular part of business, getting hacked can be forgivable. However, that does not spare you the exorbitant costs associated with an attack. The time, energy, and various losses involved could mean the end of your business. But with the right policies, procedures, technology, and recovery plans in place, you are in a better position to protect your company, its digital resources, and its reputation.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.


Using Your Own Tools Against You: The Rise of Living-Off-the-Land (LOTL) Attacks

While some cyber-attacks announce their presence like a blaring siren, others fly quietly under the radar. This presents a significant challenge for network security teams, who are already battling increasingly frequent, sophisticated, and severe attacks.

One cunning technique that has gained considerable traction in recent years is Living-Off-The-Land (LOTL) attacks. Here, threat actors use an organization’s own tools and infrastructure to launch an attack, stealthily moving through the kill chain without the need for bespoke malware.

Alarmingly, these attacks are not only difficult to detect but also highly effective. For example, the Ponemon Institute found that fileless malware attacks (another term for a LOTL attack) are approximately ten times more likely to succeed than file-based attacks.

As LOTL attacks continue to skyrocket in popularity, organizations need to understand how they work and take proactive measures to prevent them. That’s what we’re going to be diving into today.

What Exactly is a Living off the Land (LOTL) Attack?

In a Living off the Land (LOTL) attack, attackers use pre-installed or legitimate tools on the victim’s system, which enables them to blend in with regular user activity and bypass security software.

Despite the term being coined in 2013, recent cybersecurity reports have noted a marked rise in LOTL attacks. But why have cybercriminals suddenly added LOTL attacks to their arsenal? The answer lies in how effectively these attacks bypass traditional security measures.

Instead of using new and sophisticated methods to attack a system, hackers can use tools already installed on a target system, such as PowerShell, Command Prompt, and other admin tools. Since these tools are legitimate and necessary for many everyday computer tasks, it can be difficult for security software to detect malicious activity when these tools are used in a LOTL attack. In other words, LOTL attacks don’t set off warning signals like many other attacks.

One thing that makes LOTL attacks distinctive is that they typically drop no new executable files on disk, which is why they’re often called fileless malware. With no malicious executable to scan for, many cybersecurity tools simply won’t realize anything suspicious has occurred.

How Do LOTL Attacks Happen?

So, what does a LOTL attack actually look like? LOTL attacks share many of the same hallmarks as other cyberattacks; only they’re far more challenging to detect. Here is an overview of the process:

  1. Initial Access: A hacker gains access to a network through another technique, such as phishing or social engineering. This gives the hacker an initial foothold in the target network.
  2. Reconnaissance: Once inside the network, the hacker begins to gather information about the target systems and network architecture. The goal is to identify vulnerabilities that can be exploited to gain further access and control.
  3. Lateral Movement: The hacker uses the information gathered in the reconnaissance phase to move laterally within the network. The goal is to find and compromise additional systems to establish persistence and gain greater control over the network.
  4. Privilege Escalation: The hacker leverages the compromised systems to escalate privileges and gain access to sensitive data and critical systems.
  5. Malicious Activities: Once the hacker has established a strong foothold in the network, they can carry out a range of malicious activities, including data exfiltration, installing backdoors, creating new tasks on remote machines, identifying configuration settings, and more.
  6. Obfuscation: Throughout the attack, the hacker takes steps to obscure their activity and avoid detection. This can involve using tools like PowerShell or Command Prompt to run malicious code that is obfuscated to evade detection.

The Anatomy of LOTL Attacks

Hackers have a wide range of tools at their disposal to execute a LOTL attack. For example, attackers may use tools such as PowerShell, Windows Management Instrumentation (WMI), and Command Prompt to carry out malicious activities such as reconnaissance, data exfiltration, and lateral movement.

For example, an attacker might use the built-in Windows utility Netsh to create a reverse shell and gain access to a victim’s system. Many other techniques exist: the Registry Console Tool (reg.exe) can be used to maintain persistence, store settings for malware, and store executables in subkeys. Other commonly used tools in LOTL attacks include Windows Management Instrumentation (WMI), the Service Control Manager Configuration Tool (sc.exe), Scheduled Tasks (the at.exe process), and Sysinternals utilities such as PsExec.

Notably, LOTL attacks that leverage Remote Desktop Protocol (RDP) connections can be especially tricky for security teams to spot and stop because RDP is a critical service for system administrators.

Identifying which RDP connections are legitimate and which are not is like trying to find a needle in a haystack, especially when administrative credentials are involved. That’s why “known bads” and historical attack data just don’t cut it when it comes to stopping these types of attacks. Instead, a smarter, more comprehensive approach is needed that focuses on detecting anomalous activity in real-time.
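To make the detection point concrete, here is an added example (not code from the original post or from Portnox) that runs a handful of LOTL rules over constructed process-creation records of the kind Sysmon or Windows Security auditing produces. The event fields, rule names, sample hosts, users and command lines are this example’s own assumptions. Because the binaries are legitimate, each rule keys on how the tool is invoked (an encoded PowerShell command line, reg.exe writing a Run key, sc.exe creating a service) or on what launched it (a shell spawned by an Office application), which is the “anomalous activity” angle this section argues for, rather than on a known-bad hash.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// ProcessEvent models one process-creation record with the fields Sysmon Event ID 1
// or Security Event ID 4688 provide. The field names are this example's own choice.
type ProcessEvent struct {
	Host, User, ParentImage, Image, CommandLine string
}

// Finding is one rule hit on one event.
type Finding struct {
	Rule, Host, User string
}

// rule is a named predicate over a process event.
type rule struct {
	name  string
	match func(e ProcessEvent) bool
}

var (
	// -e, -ec, -enc and -encodedcommand are the accepted spellings of PowerShell's
	// EncodedCommand switch; the trailing \s keeps -ExecutionPolicy from matching.
	encodedSwitch = regexp.MustCompile(`(?i)\s-(e|ec|enc|encodedcommand)\s`)
	runKey        = regexp.MustCompile(`(?i)\\currentversion\\run(once)?\b`)
	shells        = map[string]bool{"cmd.exe": true, "powershell.exe": true, "wscript.exe": true, "cscript.exe": true}
	officeApps    = map[string]bool{"winword.exe": true, "excel.exe": true, "outlook.exe": true}
)

// baseName lower-cases a path and strips its directory part.
func baseName(p string) string {
	p = strings.ToLower(p)
	if i := strings.LastIndexAny(p, `\/`); i >= 0 {
		return p[i+1:]
	}
	return p
}

// rules encodes a handful of LOTL patterns. The binaries are legitimate, so each rule
// keys on how the tool is invoked or what launched it, not on the tool name alone.
var rules = []rule{
	{"powershell with encoded command", func(e ProcessEvent) bool {
		return baseName(e.Image) == "powershell.exe" && encodedSwitch.MatchString(e.CommandLine)
	}},
	{"reg.exe adding a Run key (persistence)", func(e ProcessEvent) bool {
		cl := strings.ToLower(e.CommandLine)
		return baseName(e.Image) == "reg.exe" && strings.Contains(cl, " add ") && runKey.MatchString(cl)
	}},
	{"sc.exe creating a service", func(e ProcessEvent) bool {
		return baseName(e.Image) == "sc.exe" && strings.Contains(strings.ToLower(e.CommandLine), " create ")
	}},
	{"psexec remote execution", func(e ProcessEvent) bool {
		b := baseName(e.Image)
		return b == "psexec.exe" || b == "psexec64.exe"
	}},
	{"shell spawned by an Office application", func(e ProcessEvent) bool {
		return officeApps[baseName(e.ParentImage)] && shells[baseName(e.Image)]
	}},
}

// Detect runs every rule over every event and returns the hits in event order.
func Detect(events []ProcessEvent) []Finding {
	var out []Finding
	for _, e := range events {
		for _, r := range rules {
			if r.match(e) {
				out = append(out, Finding{r.name, e.Host, e.User})
			}
		}
	}
	return out
}

// SampleEvents returns constructed records: three routine admin actions followed by
// four that exhibit the LOTL patterns above (one of them trips two rules).
func SampleEvents() []ProcessEvent {
	ps := `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`
	return []ProcessEvent{
		{"ws01", `CORP\jdoe`, `C:\Windows\explorer.exe`, `C:\Windows\System32\cmd.exe`, `cmd.exe /c ipconfig /all`},
		{"ws01", `CORP\jdoe`, `C:\Windows\explorer.exe`, ps, `powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1`},
		{"srv01", `CORP\svc_backup`, `C:\Windows\System32\services.exe`, `C:\Windows\System32\sc.exe`, `sc.exe query wuauserv`},
		{"ws02", `CORP\asmith`, `C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE`, ps, `powershell.exe -nop -w hidden -enc QQBBAEEAQQA=`},
		{"ws02", `CORP\asmith`, `C:\Windows\System32\cmd.exe`, `C:\Windows\System32\reg.exe`, `reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\Public\up.exe`},
		{"srv01", `CORP\asmith`, `C:\Windows\System32\cmd.exe`, `C:\Windows\System32\sc.exe`, `sc.exe create helper binPath= C:\Users\Public\h.exe start= auto`},
		{"srv02", `CORP\asmith`, `C:\Windows\System32\cmd.exe`, `C:\Tools\PsExec64.exe`, `PsExec64.exe \\srv03 cmd.exe`},
	}
}

func main() {
	for _, f := range Detect(SampleEvents()) {
		fmt.Printf("%-8s %-16s %s\n", f.Host, f.User, f.Rule)
	}
}
```

Run it with `go run`: the last four sample events raise five findings (the Office-spawned encoded PowerShell trips two rules), while the three routine admin actions raise none. In production the same predicates would be fed from an EDR or SIEM pipeline, and the parent/child relationship is usually the most durable of these signals because it survives renaming and obfuscation of the command line.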

LOTL Attacks In Action

Many high-profile cyber attacks in recent years have leveraged LOTL techniques and other tactics to devastating success. Here are some real-world examples:

  1. NotPetya: One of the most destructive cyberattacks in history. It spread rapidly across networks in Ukraine and worldwide, causing billions of dollars in damages. The attackers used legitimate tools like PowerShell and PsExec to execute their malicious code, making it difficult to detect.
  2. Olympic Destroyer: The attackers behind the 2018 Olympic Destroyer attack used a combination of spear-phishing and LOTL techniques to gain access to the Pyeongchang Winter Olympics’ network. They used legitimate administrative tools like PowerShell to carry out their attack, which disrupted the opening ceremony and caused widespread disruption.
  3. TrickBot: This banking Trojan is known for its LOTL capabilities. It uses legitimate Windows tools like PowerShell and Windows Management Instrumentation (WMI) to evade detection and remain persistent on infected machines. TrickBot has been used to steal sensitive information and initiate fraudulent transactions.
  4. Emotet: This malware has been used in various attacks targeting government organizations and private companies. It leverages LOTL techniques like using PowerShell to download and execute additional modules. Once installed, Emotet can steal credentials and spread to other machines on the network.

These are just a few examples of LOTL attacks seen in the wild. As these attacks become more sophisticated, organizations need to be aware of the risks and take steps to bolster their network security. That brings us to the next section – how to safeguard your network from LOTL attacks.

How to Protect Against LOTL Attacks

LOTL attacks may be difficult to detect, but that doesn’t mean network security teams are powerless to act. Companies can adopt several techniques and best practices to protect against Living-Off-The-Land attacks. Let’s look at some of the most effective methods.

Zero Trust and Least Privilege Access

Zero trust is a security model that assumes that every user, device, and application on a network is potentially malicious, and therefore, no one should be trusted by default. Rather than relying on traditional perimeter-based controls like firewalls to decide who is trusted, it focuses on securing every asset on the network.

Zero trust can help prevent LOTL attacks in several ways. For example, imagine an attacker gains access to a user’s credentials through a phishing email. With those credentials, the attacker could log in to the victim’s account and move laterally through the network, looking for valuable data to exfiltrate. However, in a zero-trust environment, the attacker would not automatically be granted access to the network’s sensitive resources. Instead, they would need to pass multiple levels of authentication and authorization before being granted access.

In this scenario, the zero trust approach would require the attacker to authenticate themselves every time they attempt to access a resource, even if they had already authenticated once before. This multi-step authentication process makes it more challenging for attackers to gain access to the network and limits their ability to move laterally.

Furthermore, in a zero-trust environment, organizations can enforce granular access controls based on the principle of least privilege. This means that users and devices are only granted the minimum level of access necessary to complete their tasks. A least-privilege approach helps limit the attack surface, making it more difficult for attackers to access sensitive data or resources.

Some other effective ways of limiting LOTL attacks include:

  1. Self-learning AI technology: Using self-learning AI technology, like machine learning algorithms, can help companies detect and prevent LOTL attacks by continuously analyzing network traffic, identifying abnormal behavior, and automatically taking action to stop potential attacks.
  2. Network segmentation: Breaking down a network into smaller, more manageable segments can limit the spread of malware and prevent attackers from moving laterally within the network.
  3. Multi-factor authentication: Multi-factor authentication (MFA) adds an extra layer of security to user login credentials by requiring users to provide multiple forms of identification, such as a password and a fingerprint scan or facial recognition.
  4. Regular security assessments and testing: Regular security assessments and penetration testing can help identify vulnerabilities in a company’s network and applications, enabling proactive mitigation and prevention.

Final Thoughts

With LOTL attacks rising, organizations must proactively strengthen their network security and lock cyber criminals out. This is especially important because while LOTL attacks share many similarities with other cyberattacks, they are far more challenging to detect. As such, a smarter and more comprehensive approach is needed to detect anomalous activity in real-time to prevent these attacks.


Everything You Need to Know About Certificate-Based Authentication

No ID? No Entry.

Certificate-based authentication is a way for a computer system to verify your identity using a digital certificate instead of a traditional username and password. Think of it like a driver’s license. When you go to a bar or a liquor store, you need to prove that you’re old enough to buy alcohol. The bouncer or cashier checks your ID to make sure it’s really you, and that you’re of legal age. In the same way, when you connect to a secure website or network, your computer presents a digital certificate to prove that you are who you say you are.

This certificate contains your public key together with identifying information about you and your computer, and it’s signed by a trusted authority, a certificate authority (CA). The matching private key stays on your device and is what you use to prove the certificate is really yours. The CA vouches for your identity, and the website or network can trust that you are who you say you are. So, instead of typing in a username and password, you present your digital certificate and prove possession of its key, and the system verifies both. It’s a more secure way of authenticating because a private key is far harder to steal or guess than a password.


The Secret Handshake

Certificate-based authentication is like having a secret handshake that only you and the system you’re trying to access know. You can think of it as a VIP club, where only the cool kids with the special wristbands can get in. In this case, your digital certificate is your wristband, and the certificate authority is the bouncer at the door.

Now, let’s say you’re trying to sneak into the VIP club without a wristband. You might try to guess the password or use some other sneaky trick to get past the bouncer. But with certificate-based authentication, you can’t cheat your way in. Your digital certificate is unique to you and your computer, and it’s signed by a trusted authority. So, even if someone intercepts your certificate, they won’t be able to use it to gain access to the network, because the private key that proves the certificate is yours never leaves your device.

It’s like having a secret superpower that only you possess. And because it’s harder to steal or guess a digital certificate, certificate-based authentication is like having a bulletproof vest for your network. It’s the most secure way to authenticate because it’s nearly impossible for hackers to break in without the private key behind your digital certificate. So, if you want to protect your network from the bad guys, certificate-based authentication is the way to go!
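The “secret handshake” in this section, and the ID check in “No ID? No Entry” above, is a challenge-response proof of possession: the reason an intercepted certificate is useless on its own is that the private key never leaves its holder. The following added example (not code from the original post or from Portnox; written against Go’s standard library) builds a throwaway CA, issues a client certificate, and then plays the verifier: it checks that the certificate chains to the CA and is permitted for client authentication, then checks a signature over a fresh nonce. The CA name, user name, serial numbers and scenario labels are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Identity is what a user or device holds: a certificate plus the matching private key.
// Only the certificate is ever shown to a verifier; the key never leaves the holder.
type Identity struct {
	Cert *x509.Certificate
	Key  ed25519.PrivateKey
}

// must panics on key-generation or encoding failures, which do not occur in practice here.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// NewIdentity generates an Ed25519 key pair and a 24-hour certificate for cn. With ca == nil
// it yields a self-signed root (the trusted authority); otherwise ca signs a
// client-authentication certificate that carries only the new public key.
func NewIdentity(cn string, serial int64, ca *Identity) *Identity {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	parent, signer := tmpl, priv // self-signed unless a CA is supplied
	if ca == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
	} else {
		parent, signer = ca.Cert, ca.Key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return &Identity{Cert: must(x509.ParseCertificate(der)), Key: priv}
}

// Nonce is the verifier's fresh challenge: signing it proves possession of the key right
// now, so a signature captured from an earlier login cannot be replayed.
func Nonce() []byte {
	b := make([]byte, 32)
	must(rand.Read(b))
	return b
}

// Prove is the holder's side of the handshake: sign the challenge with the private key.
func Prove(id *Identity, nonce []byte) []byte {
	return ed25519.Sign(id.Key, nonce)
}

// Verify is the server's side: the certificate must chain to the trusted CA and be valid
// for client authentication, and the signature must check out under the public key in
// that certificate. Possessing the certificate alone therefore proves nothing.
func Verify(caCert, clientCert *x509.Certificate, nonce, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := clientCert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not trusted: %w", err)
	}
	pub, ok := clientCert.PublicKey.(ed25519.PublicKey)
	if !ok || !ed25519.Verify(pub, nonce, sig) {
		return fmt.Errorf("challenge signature invalid: holder lacks the private key")
	}
	return nil
}

// Scenarios runs the handshake three ways and returns each outcome; nil means access granted.
func Scenarios() map[string]error {
	ca := NewIdentity("Example Corp Root CA", 1, nil)
	alice := NewIdentity("alice@example.com", 2, ca)
	nonce := Nonce()
	out := map[string]error{"genuine holder": Verify(ca.Cert, alice.Cert, nonce, Prove(alice, nonce))}
	// An eavesdropper who captured Alice's certificate but not her private key.
	_, thiefKey, _ := ed25519.GenerateKey(rand.Reader)
	out["stolen certificate, wrong key"] = Verify(ca.Cert, alice.Cert, nonce, Prove(&Identity{alice.Cert, thiefKey}, nonce))
	// Alice's name on a certificate issued by a CA the server does not trust.
	fake := NewIdentity("alice@example.com", 2, NewIdentity("Rogue CA", 1, nil))
	out["untrusted issuer"] = Verify(ca.Cert, fake.Cert, nonce, Prove(fake, nonce))
	return out
}

func main() {
	for name, res := range Scenarios() {
		fmt.Printf("%-30s -> %v\n", name, res)
	}
}
```

Scenarios shows the outcomes side by side: the genuine holder is accepted, someone who captured the certificate but not the key is rejected at the signature step, and a certificate bearing the same name from an untrusted issuer is rejected at the chain step. TLS client authentication (mutual TLS) and EAP-TLS on Wi-Fi perform the same proof inside the protocol handshake, and a fresh nonce per login is what keeps a recorded handshake from being replayed.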


What’s Stopping You?

Certificate-based authentication can be a bit more complicated to set up and manage than traditional username and password authentication. It requires companies to have their own certificate authority or to purchase certificates from a trusted third-party CA, which can be expensive. And depending on the size of the company, managing all those certificates can be a bit of a headache.

Plus, not all systems and applications support certificate-based authentication, so companies may need to make changes to their infrastructure to enable it. And even if they do make those changes, employees may need to be trained on how to use certificate-based authentication, which can take time and resources.

That being said, many companies are starting to see the benefits of certificate-based authentication, especially for highly sensitive systems and data. It’s a more secure method of authentication that can help prevent cyberattacks and data breaches. So, while it may not be the easiest option, it’s definitely worth considering for companies that take security seriously.


Roll it Out Faster

If companies want to speed up the adoption of certificate-based authentication, they need to make it easy and appealing for their employees.

Firstly, they can simplify the process of getting started with certificate-based authentication by providing user-friendly guides and tutorials. They should explain the benefits of certificate-based authentication in a way that’s easy to understand and make it clear how to use it.

Secondly, companies can incentivize employees to use certificate-based authentication by offering rewards such as bonuses, promotions, or recognition for those who make the switch. It’s like getting a gold star for doing well in school, but cooler because it’s for network security!

Thirdly, they can make it a company-wide policy to use certificate-based authentication for all employees. This helps establish a culture of security and demonstrates to employees the importance of protecting sensitive information.

Lastly, companies can invest in training programs and workshops to educate employees on the benefits of certificate-based authentication and how to use it effectively. They can make it fun and interactive, like a game show where employees can win prizes for correctly answering security questions.

By making certificate-based authentication easy, incentivizing its use, establishing it as a policy, and educating employees, companies can accelerate its adoption and improve their network security. It’s all about making security simple and accessible for everyone.


TikTok Security Concerns in the Workplace

TikTok, the viral social media app centered around short videos and owned by the Chinese company ByteDance, is coming under intense scrutiny. By now, many of us have seen a TikTok video filmed in someone’s workplace—those “day in the life” clips or rants about coworkers, supervisors, or customers. Or you may have seen a video of someone discussing an unrelated subject while sitting at their desk. It’s safe to say that TikTok has found its way into many workplaces, for better or for worse. But the issue goes deeper than catching unsanctioned glimpses into the workplace environment. Many organizations are worried about TikTok itself, the data it gathers, and which hands that data ends up in.


Does TikTok Pose a Security Risk to Corporate Networks?

TikTok, like any other social media app, can pose a potential security threat to a corporate network if used by employees. The app may collect personal information and usage data that could be exploited by cybercriminals, and the app’s security protocols could be compromised.

There have been concerns raised about TikTok’s data collection practices, which include tracking user behavior, location, and contacts. Additionally, TikTok’s parent company, ByteDance, is based in China, which has led to concerns about potential government access to user data.

If employees use TikTok on a corporate network, it could potentially compromise the network’s security. Hackers could exploit vulnerabilities in the app to gain access to sensitive corporate data or use the app as a vector to distribute malware to other devices on the network.

To mitigate these risks, companies may choose to restrict or ban the use of TikTok on their corporate networks. They could also implement security protocols and software to monitor and control access to social media apps and other potentially risky applications. Additionally, it’s essential to educate employees about the potential risks associated with using social media apps on company devices and networks.


TikTok Security Concerns Are Mounting

Many states have growing TikTok security concerns. These concerns have led 18 Republican-led states to ban the use of the app on government devices. Federal agencies also bar staffers from using TikTok on their government phones and devices, including the Pentagon, the State Department, and the Transportation Security Agency.

Moreover, Europe is taking a similar approach to TikTok risk, with the European Parliament banning the app on staff phones. This move came just one day after the White House gave federal agencies 30 days to remove TikTok from all government devices. Canada has also followed suit, banning TikTok from government devices over security concerns.

But what TikTok security concerns are at play here? More generally, officials believe that the app could collect sensitive data from users, which the Chinese government may then access. In addition, they’re equally worried that the app may pose a threat to network security and endpoint security: for example, could the app be used to access sensitive information on government devices, or serve as an attack vector into government networks?

The concern here stems from a lack of trust in ByteDance and fears over how much access and control Beijing has over the company and, subsequently, the app. ByteDance denies allegations that the Chinese government is involved in its operations, but these denials are largely falling on deaf ears.


Assessing the Seriousness of the Risk

There have been some reports of cybersecurity incidents involving TikTok, but it’s not clear if any companies have specifically experienced a cyber attack involving the app.

For example, in 2020, TikTok was found to be accessing users’ clipboards on iOS devices, which raised concerns about the app’s data collection practices. However, there have been no reports of TikTok being used as a vector for a cyber attack specifically targeting a corporate network.

That being said, it’s important to note that the threat landscape is constantly evolving, and new threats can emerge at any time. Companies should remain vigilant and take steps to mitigate potential risks associated with the use of social media apps on their networks, including TikTok.


TikTok Security Strategies Are Evolving

Government agencies banning TikTok is noteworthy, but what does it mean for everyone else? Some argue that governments are being a little paranoid, especially in assessing TikTok’s risk to endpoint security and network security. Still, others argue that governments have a duty to take stringent security measures regarding government data and systems.

But what should private companies do? First, it’s important to note that TikTok poses other significant concerns. For example, employees may unintentionally share confidential company information by filming a video with visible employee screens. They may also give the company a bad reputation by sharing negative stories about the workplace on the platform.

The less popular app BeReal is also coming under scrutiny for similar reasons. BeReal takes a less sensationalist approach than TikTok (it has no filters, hashtags, or followers) and is aimed at users showing an unfiltered view of their everyday life. Since this app requires you to be someone’s friend before you view their BeReal, it may create a false sense of security where users feel less inclined to censor confidential information.

Companies will have to determine their own risk tolerance, but it’s telling that organizations most focused on cybersecurity believe that TikTok is a significant security risk. More widely, companies should update their social media policies to define whether TikTok is allowed on company devices and how (and if) its use is sanctioned in the workplace – don’t leave your security up to chance!


Are Passwords a Threat to Enterprise Security?

Enterprise security attackers are growing in number and sophistication, and organizations are only one compromised password away from their worst day. To that point, is it time to ditch all those annoying, hackable passwords and live in a passwordless society?

Passwords have been the primary method of authentication for decades. While they have served their purpose and served it well, there may be better alternatives for protecting your mission-critical data and digital resources. As technology advances, cybercriminals find new ways to steal corporate credentials, making password security less effective.

In fact, according to a recent study, 81% of company data breaches were due to poor passwords. Password reuse is of particular concern, as it can lead to credential stuffing attacks, in which threat actors take advantage of reused credentials by automating login attempts against systems using known email-and-password pairs.

The same report revealed that 80% of hacking incidents were caused by stolen or reused login information.
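To show what the credential stuffing pattern described above looks like from the defender’s side, here is an added example (not code from the original post or from Portnox) that parses constructed authentication log lines and classifies each source address by the shape of its failures: many distinct accounts with roughly one attempt each points to credential stuffing, while one account hammered with many attempts points to brute force. The log format, the IP addresses (taken from documentation ranges), the account names and the thresholds are all this example’s own assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Attempt is one parsed authentication event.
type Attempt struct {
	Time, Src, User string
	Success         bool
}

// ParseLine reads the constructed "ts src=IP user=NAME result=OK|FAIL" format used below.
// Malformed lines return ok=false so one bad record never aborts the whole batch.
func ParseLine(line string) (Attempt, bool) {
	f := strings.Fields(line)
	if len(f) < 4 {
		return Attempt{}, false
	}
	a := Attempt{Time: f[0]}
	for _, kv := range f[1:] {
		k, v, found := strings.Cut(kv, "=")
		if !found {
			return Attempt{}, false
		}
		switch k {
		case "src":
			a.Src = v
		case "user":
			a.User = v
		case "result":
			a.Success = v == "OK"
		}
	}
	if a.Src == "" || a.User == "" {
		return Attempt{}, false
	}
	return a, true
}

// sourceStats accumulates what one source address has done in the batch.
type sourceStats struct {
	attempts, failures, successes int
	users                         map[string]bool
}

// Finding describes one source address whose login pattern matched an attack shape.
type Finding struct {
	Src, Kind                          string
	DistinctUsers, Failures, Successes int
}

// Classify aggregates attempts per source address and labels two failure shapes:
// credential stuffing (many distinct accounts, about one try each, as leaked
// email/password pairs are replayed) and brute force (one or two accounts, many tries).
// The thresholds are this example's assumptions; tune them against your own baseline.
func Classify(attempts []Attempt) []Finding {
	const minUsersStuffing, maxTriesPerUser, minFailsBrute = 10, 2.0, 10
	stats := map[string]*sourceStats{}
	for _, a := range attempts {
		s := stats[a.Src]
		if s == nil {
			s = &sourceStats{users: map[string]bool{}}
			stats[a.Src] = s
		}
		s.attempts++
		s.users[a.User] = true
		if a.Success {
			s.successes++
		} else {
			s.failures++
		}
	}
	var out []Finding
	for src, s := range stats {
		users := len(s.users)
		switch {
		case users >= minUsersStuffing && float64(s.attempts)/float64(users) <= maxTriesPerUser:
			out = append(out, Finding{src, "credential stuffing", users, s.failures, s.successes})
		case users <= 2 && s.failures >= minFailsBrute:
			out = append(out, Finding{src, "brute force", users, s.failures, s.successes})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Src < out[j].Src })
	return out
}

// Analyze parses a batch of lines, skipping malformed ones, and classifies the rest.
func Analyze(lines []string) []Finding {
	var attempts []Attempt
	for _, l := range lines {
		if a, ok := ParseLine(l); ok {
			attempts = append(attempts, a)
		}
	}
	return Classify(attempts)
}

// SampleLog builds constructed log lines: a stuffing source trying 15 accounts (one of
// which succeeds), a brute-force source hitting one account 12 times, a normal user who
// mistypes once, and a malformed line the parser must skip.
func SampleLog() []string {
	var lines []string
	for i := 0; i < 15; i++ {
		res := "FAIL"
		if i == 7 {
			res = "OK"
		}
		lines = append(lines, fmt.Sprintf("2024-05-01T10:00:%02dZ src=203.0.113.5 user=user%02d@example.com result=%s", i, i, res))
	}
	for i := 0; i < 12; i++ {
		lines = append(lines, fmt.Sprintf("2024-05-01T10:01:%02dZ src=198.51.100.9 user=admin@example.com result=FAIL", i))
	}
	return append(lines,
		"2024-05-01T10:02:00Z src=192.0.2.44 user=alice@example.com result=FAIL",
		"2024-05-01T10:02:05Z src=192.0.2.44 user=alice@example.com result=OK",
		"garbage line without fields")
}

func main() {
	for _, f := range Analyze(SampleLog()) {
		fmt.Printf("%-14s %-20s users=%d failures=%d successes=%d\n", f.Src, f.Kind, f.DistinctUsers, f.Failures, f.Successes)
	}
}
```

The stuffing source in the sample also records one successful login among its failures, and that success is the alert that matters: a leaked pair worked, so that account needs a forced reset and session revocation, not just a blocked IP. In production the aggregation would run over a sliding time window rather than a whole batch, and the thresholds would be set from the normal failure rate observed on the service.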

These attacks weren’t on small companies with limited resources and weak cybersecurity protocols. They were on household-name enterprises such as Ticketmaster, GoDaddy, Microsoft, SolarWinds, and even the New York City Law Department. In the case of SolarWinds, the hackers were able to get in with a weak password an intern had been using (“solarwinds123”), which was publicly accessible via a misconfigured GitHub repository.

Not only are passwords less secure, but they are also productivity inhibitors. In another recent report on passwordless security, 45% of respondents indicated that a passwordless approach to security would increase productivity.

In addition to weak passwords and credential reuse, passwords can be a hindrance to enterprise security in several ways:

  1. Passwords can be easily compromised: Bad actors can steal or hack credentials using various methods, such as phishing, brute force attacks, or social engineering.
  2. Password Sharing: Employees may share their passwords with others, which can put enterprise data at risk. Password sharing is especially problematic when employees leave the company or change positions, as they may be disgruntled or their old passwords remain active.
  3. Human Error: Employees may inadvertently reveal passwords through phishing scams or other social engineering tactics, which gives attackers access to enterprise data even if they do not have the correct login credentials.
  4. Lack of Two-Factor Authentication: Passwords alone may not be enough to secure enterprise accounts. Two-factor authentication can add an extra layer of security.
  5. User frustration: Password policies can frustrate users who must remember multiple passwords, adhere to strict complexity rules, and change them frequently.
  6. Cost of password management: Organizations need to invest in password management systems, such as password policies, training, and resets. These systems can be costly and time-consuming.

Given these reasons, enterprises should consider more secure alternatives to password security, such as Zero Trust, biometrics, multi-factor authentication, and certificate-based authentication. As compromised credentials continue to be a common attack vector, it only takes one nefarious login to bring a company to its knees. Of course, enterprises can’t just suddenly pull the plug on passwords altogether, but it is an option worthy of consideration.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

Unpacking Wi-Fi Authentication & the Many Instances in Which Companies Got Caught Slipping

Wi-Fi authentication is the process of verifying the identity of a user or device that wants to connect to a wireless network. Corporate networks, especially those in manufacturing companies, retailers, and healthcare organizations, often require strong authentication mechanisms to ensure the security of their data and systems.

There are several methods of Wi-Fi authentication, including:

  • Pre-Shared Key (PSK) authentication: This method uses a single shared password that is distributed to every user authorized to connect to the network. It is simple and easy to implement, but it is less secure than other methods because the password can easily be shared or intercepted, and every device on the network derives its keys from the same secret. (NOTE: At Portnox, we strongly urge organizations NOT to use PSKs for network authentication and access due to their inherent vulnerability.)
  • 802.1X authentication: This method uses a RADIUS (Remote Authentication Dial-In User Service) server that verifies the identity of each user or device attempting to connect to the network. The server authenticates clients through EAP, typically with certificates, which is much more secure than PSK authentication.

Wi-Fi Authentication Woes Experienced by Manufacturers

For many manufacturers, Wi-Fi authentication is critical for ensuring the security of the network and the sensitive data that is transmitted over it. The authentication process must be fast and seamless to avoid disrupting production processes. The use of 802.1X authentication is common in manufacturing companies, as it provides strong security and can easily integrate with existing user management systems.

Manufacturing companies are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against manufacturers that targeted Wi-Fi networks:

  • NotPetya ransomware attack: In June 2017, the NotPetya ransomware attack affected several global manufacturers, including Merck, FedEx, and Maersk. The attack exploited a vulnerability in Ukrainian accounting software and spread rapidly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
  • Dragonfly 2.0 attacks: Between 2015 and 2018, a group of hackers known as Dragonfly 2.0 targeted energy and manufacturing companies in the US, Europe, and Asia. The attacks included the use of spear-phishing emails and the installation of malware on targeted systems, potentially providing a gateway to the companies’ Wi-Fi networks.
  • Havex malware attack: In 2013, a group of hackers known as Energetic Bear targeted several industries, including manufacturing and energy. The attacks included the use of spear-phishing emails and the installation of malware known as Havex on targeted systems. The malware was designed to collect data on the systems, potentially including login credentials for Wi-Fi networks used by the manufacturers.
  • Trisis malware attack: In 2017, a malware attack known as Trisis targeted a Saudi Arabian petrochemical plant. The malware was designed to manipulate the plant’s safety systems, potentially causing a catastrophic industrial accident. The attack reportedly exploited vulnerabilities in the plant’s Wi-Fi network.

Retailers Caught with Their Wi-Fi Pants Down

In the retail industry, Wi-Fi authentication is used for both internal and external purposes. Retailers use Wi-Fi networks to provide internet access to their customers, but also to manage their inventory and point-of-sale systems. Strong authentication is important for protecting sensitive customer information and preventing unauthorized access to sales data.

Retailers are also vulnerable to cyber-attacks that target their Wi-Fi networks. Here are some examples of notable cyber-attacks against retailers that targeted Wi-Fi networks:

  • Target data breach: In 2013, hackers gained access to Target’s network through a vulnerability in the company’s HVAC system, which was connected to Target’s Wi-Fi network. The hackers stole data on 40 million credit and debit cards and 70 million customer records.
  • Home Depot data breach: In 2014, hackers gained access to Home Depot’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 56 million credit and debit cards and 53 million customer email addresses.
  • Wendy’s data breach: In 2016, hackers gained access to Wendy’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on 18 million payment cards used at Wendy’s restaurants.
  • Forever 21 data breach: In 2017, hackers gained access to Forever 21’s network through a vulnerability in the company’s Wi-Fi network. The hackers stole data on credit and debit cards used at certain Forever 21 stores.

Wi-Fi Hacks in Healthcare that Just Hurt

Wi-Fi authentication is used widely across the Healthcare industry to ensure the security of patient data and to comply with HIPAA regulations. Healthcare organizations require a high level of security for their networks, as the data transmitted over them can include sensitive medical information.

There have been several notable cyber-attacks against healthcare organizations that targeted Wi-Fi networks. Here are a few examples:

  • WannaCry ransomware attack: In May 2017, the WannaCry ransomware attack affected healthcare organizations in the UK, Spain, and other countries. The attack exploited a vulnerability in Microsoft Windows systems and spread quickly, encrypting data on infected machines, and demanding a ransom in exchange for the decryption key.
  • VPNFilter malware attack: In 2018, the US Department of Justice announced that a group of Russian hackers known as APT28 had infected hundreds of thousands of routers with malware known as VPNFilter. The malware allowed the hackers to steal data and control the routers, potentially providing a gateway to the healthcare organizations’ Wi-Fi networks.
  • ShadowPad backdoor attack: In 2017, researchers discovered that the popular CCleaner software had been compromised, with a backdoor known as ShadowPad installed on users’ systems. The backdoor allowed hackers to gain access to sensitive data, potentially including login credentials for Wi-Fi networks used by healthcare organizations.
  • BlueBorne Bluetooth attack: In 2017, researchers discovered a vulnerability in Bluetooth devices that could allow hackers to take control of devices without user interaction. This could potentially allow hackers to gain access to Wi-Fi networks used by healthcare organizations, which often rely on Bluetooth-enabled devices for patient monitoring and other purposes.

If Only They Used 802.1X for Wi-Fi Authentication

As we mentioned earlier, and as the incidents above illustrate, 802.1X authentication is considered the most secure Wi-Fi authentication method because it gives the network a way to verify the identity of each client device that tries to connect. Here are some reasons why:

  • User authentication: 802.1X authentication requires users to present unique credentials, such as a username and password or a client certificate, before being granted access to the network. This helps ensure that only authorized users access the network and that their activity can be tracked and monitored.
  • Mutual authentication: In addition to verifying the identity of the client device, 802.1X authentication also verifies the identity of the network (the client checks the authentication server’s certificate). Both sides must authenticate each other before access is allowed, which helps prevent man-in-the-middle attacks such as rogue access points.
  • Dynamic encryption keys: With 802.1X authentication, each client session is assigned a unique encryption key that secures the traffic between that client and the network. These keys are generated per session and rotated regularly, so compromising one key does not expose other clients’ traffic.
  • Granular access control: 802.1X authentication allows network administrators to define access policies based on user roles, device types, and other factors, and to enforce them with per-client VLAN or ACL assignments returned by the RADIUS server. This enables them to control exactly who has access to which parts of the network, reducing the risk of unauthorized access.

Overall, 802.1X authentication provides strong security for Wi-Fi networks by requiring user authentication, mutual authentication, dynamic encryption keys, and granular access control. While it is more complex to set up and manage than other authentication methods, the extra security it provides can help protect against a range of attacks and keep sensitive data and resources safe.
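The following is an added example, not code from Portnox or Version 2 Limited, that makes two of the points above concrete: the PSK weakness called out in the authentication-methods list, and the per-session keys and per-identity authorization that 802.1X provides. The WPA2-Personal key derivation (PBKDF2-HMAC-SHA1 over passphrase and SSID, as specified in IEEE 802.11i) is real; the EAP-TLS exchange and the RADIUS server are simulated with random session keys, a made-up certificate record, a constructed revocation list, and a constructed role-to-VLAN table. The SSID and passphrase are constructed sample values.

```python
"""PSK vs 802.1X: who gets key material, and how much of it is shared.

Added example; the RADIUS/EAP-TLS side is a simulation, not a real implementation.
"""
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional

SSID = "corp-wifi"                 # constructed sample SSID
SHARED_PASSPHRASE = "Welcome2023!"  # constructed sample pre-shared key


def wpa2_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase-to-PSK mapping: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits.

    The result depends only on the passphrase and SSID, so every client on a
    WPA2-Personal network, current or former, derives exactly the same PMK.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


@dataclass(frozen=True)
class ClientCert:
    """Stand-in for the identity an EAP-TLS client presents (not a real X.509 object)."""
    subject: str
    serial: int
    role: str


@dataclass(frozen=True)
class AccessDecision:
    accepted: bool
    vlan: Optional[int]      # from Tunnel-Private-Group-ID on Access-Accept
    pmk: Optional[bytes]     # key material the AP ends up with, if any


# Simulated RADIUS policy state (constructed values).
REVOKED_SERIALS = {1002}
ROLE_VLANS = {"engineer": 10, "contractor": 20, "plc": 30}


def radius_authorize(cert: ClientCert) -> AccessDecision:
    """Model of the Access-Accept / Access-Reject decision after EAP-TLS.

    On accept, the server mints a fresh 64-byte MSK for this session (random bytes
    here, standing in for the TLS-derived key) and returns the role's VLAN. The
    PMK handed to the AP is the first 256 bits of the MSK. On reject, no key exists,
    so a revoked device cannot even start the 4-way handshake.
    """
    if cert.serial in REVOKED_SERIALS or cert.role not in ROLE_VLANS:
        return AccessDecision(False, None, None)
    msk = secrets.token_bytes(64)          # simulated EAP-TLS Master Session Key
    return AccessDecision(True, ROLE_VLANS[cert.role], msk[:32])


def psk_join(passphrase: str) -> AccessDecision:
    """WPA2-Personal has no identity to authorize.

    The AP only learns, via the 4-way handshake MIC, whether the client holds the
    same PMK it does (modelled here as a direct comparison). Anyone who ever
    received the passphrase passes; there is no role, no VLAN, nothing to revoke
    short of rotating the passphrase on every device.
    """
    network_pmk = wpa2_psk_pmk(SHARED_PASSPHRASE, SSID)
    client_pmk = wpa2_psk_pmk(passphrase, SSID)
    if client_pmk != network_pmk:
        return AccessDecision(False, None, None)
    return AccessDecision(True, None, client_pmk)


def distinct_psk_pmks(n_clients: int) -> int:
    """Number of distinct PMKs across n PSK clients (always 1: shared secret)."""
    return len({psk_join(SHARED_PASSPHRASE).pmk for _ in range(n_clients)})


def distinct_enterprise_pmks(cert: ClientCert, n_sessions: int) -> int:
    """Number of distinct PMKs across n 802.1X sessions of one device (one per session)."""
    return len({radius_authorize(cert).pmk for _ in range(n_sessions)})


if __name__ == "__main__":
    print("PSK: distinct PMKs across 5 clients  :", distinct_psk_pmks(5))
    eng = ClientCert("alice", 1001, "engineer")
    print("802.1X: distinct PMKs across 5 sessions:", distinct_enterprise_pmks(eng, 5))
    print("802.1X: engineer VLAN                  :", radius_authorize(eng).vlan)
    leaver = ClientCert("bob", 1002, "contractor")   # serial 1002 is revoked
    print("802.1X: revoked leaver accepted?       :", radius_authorize(leaver).accepted)
    print("PSK: leaver who still knows passphrase :", psk_join(SHARED_PASSPHRASE).accepted)
```

Run it and the contrast is the whole argument: the PSK network hands one PMK to everyone who has ever seen the passphrase and has no notion of who they are, while the 802.1X path yields a fresh key per session, a VLAN tied to the presented identity, and an immediate reject once that identity is revoked. The `wpa2_psk_pmk` function reproduces the standard's published vector (passphrase `password`, SSID `IEEE`), which is a handy sanity check when validating a real AP or supplicant configuration.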
