A new KRACK (Key Reinstallation Attack) security flaw could cause many cyber-attacks in the coming days! Researchers have just uncovered a major flaw in the WPA2 protocol that secures Wi-Fi exchanges. What are the consequences? Are you affected by the KRACK security vulnerability? And, above all, how can you avoid exposing yourself to all these security flaws?
What are the consequences of the KRACK security vulnerability?
Currently, the vast majority of Wi-Fi networks are vulnerable. A hacker can potentially listen to the traffic and decrypt it, hijack TCP connections, inject HTTP content, etc. It would also be possible to change the Dynamic Host Configuration Protocol (DHCP) settings, and thereby open gaps in DNS.
Even if we are not talking about cyber attacks here, the risk of compromising business data is real. All devices are concerned (computers, tablets, smartphones, semiconductors, routers…) and all user data may be compromised.
Even worse, the affected devices could serve as a launching pad for larger-scale cyber attacks, such as ransomware or DDoS.
Are you affected by the KRACK security vulnerability?
Potentially, you are all affected, because the flaw comes from “several vulnerabilities in the key management of the ‘4-way handshake’ method present in the Wi-Fi Protected Access Protocol II (WPA2)”, according to the CERT.
The known vulnerabilities are: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088.
We invite you to scan for vulnerabilities quickly to find out which of your assets are affected. Since the majority of access points are unlikely to receive a patch quickly, this will allow you to move your most critical data to better protect it from a cyber attack.
How to protect yourself against all these security breaches?
We observe a common point between these security vulnerabilities and cyber-attacks: they use known vulnerabilities to act. All of these breaches are referenced and documented in the Common Vulnerabilities and Exposures (CVE) database. It is therefore possible to know if the IT infrastructure of your company is vulnerable or not before these attacks are disclosed.
This database is fed every day with new vulnerabilities (28 new ones on average in 2016 and almost 50 in 2017!).
Therefore, it is important to put monitoring tools in place so that you are alerted directly when a detected vulnerability affects the company's information system (IS).
The SecludIT team of security experts works to improve businesses' security and response time with Elastic Detector. It automatically detects all security vulnerabilities and offers remediation solutions to reduce the risk of cyber attacks.
The graph above shows one of our client servers under surveillance and exposed to the WannaCry and NotPetya breaches. We observe that upstream vulnerability detection makes it possible to carry out the remediation and apply the necessary patches to avoid being hit by these two large cyberattacks.
If you also want to know the security flaws of your IS, we offer Elastic Detector free for 14 days.