Security Trends/Attacks, SOCs and SIEMs
Louis Evans

Protect Your Systems from KRACK

Yesterday’s disclosed WiFi exploit, known as “KRACK” to security researchers, targets password-protected WiFi networks that use the WPA2 standard—which is to say, it targets essentially every WiFi network that is considered secure today. KRACK is short for “Key Reinstallation Attack”, which describes a method whereby an attacker within radio range replays messages of the WPA2 handshake to trick a client into reinstalling an encryption key that is already in use. Reinstalling the key resets the packet counter (nonce) that goes with it, so the same keystream is used to encrypt more than one frame, and that keystream reuse lets the attacker decrypt data that victims connected to the WiFi network transmit. Depending on the WPA implementation in use, this vulnerability allows attackers to read Wi-Fi traffic between laptops/desktops and wireless access points, and in some cases even modify it to inject malware into websites. In the worst case, affecting wpa_supplicant 2.4 through 2.6 as shipped on Linux and Android 6.0 and later, the reinstalled key is all zeros, so the attacker can decrypt traffic without recovering any keystream at all.
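
The nonce reuse that key reinstallation causes, as an added example that is not part of the original post and is not the author’s or the KRACK researchers’ code. It models a WiFi client’s per-key packet number and encrypts frame bodies with AES in CTR mode, which is the confidentiality mode CCMP uses; the `Station` type, the handshake steps, the IV layout and the sample frames are simplified assumptions constructed for the illustration. A vulnerable station resets its counter when the attacker replays message 3, so two frames share a keystream and a known first frame reveals the second; a station that refuses to reinstall a key already in use (the approach of the vendor patches) keeps counting and leaks nothing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Station is a simplified model (assumption) of a WiFi client's data-confidentiality
// state: the installed pairwise key and the packet number (PN) that goes into the
// per-frame nonce. Real CCMP builds a 13-byte nonce from the sender address, priority
// and the 48-bit PN; here the PN alone fills the AES-CTR IV.
type Station struct {
	key       []byte
	pn        uint64
	installed bool
	patched   bool // true: refuse to reinstall a key that is already in use
}

// InstallKey is what a client does on receiving message 3 of the 4-way handshake.
// A vulnerable client installs the key unconditionally, which resets the PN, so a
// replayed message 3 makes it reuse nonces. A patched client ignores a reinstall of
// the key that is already in use.
func (s *Station) InstallKey(key []byte) bool {
	if s.patched && s.installed && bytes.Equal(s.key, key) {
		return false
	}
	s.key = append([]byte(nil), key...)
	s.pn = 0
	s.installed = true
	return true
}

// ivFor places the packet number in the low-order bytes of a 16-byte AES-CTR IV.
func ivFor(pn uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	for i := 0; i < 8; i++ {
		iv[aes.BlockSize-1-i] = byte(pn >> (8 * i))
	}
	return iv
}

// Encrypt protects one frame body with AES-CTR under the installed key, using the next
// PN as nonce. CCMP sends the PN in the clear, so it is returned with the ciphertext.
func (s *Station) Encrypt(plaintext []byte) (uint64, []byte) {
	s.pn++
	block, err := aes.NewCipher(s.key)
	if err != nil {
		panic(err)
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, ivFor(s.pn)).XORKeyStream(ct, plaintext)
	return s.pn, ct
}

// xorBytes XORs two slices up to the shorter length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithKnownPlaintext exploits keystream reuse: if ct1 and ct2 were produced with
// the same key and nonce, ct1 XOR pt1 is the keystream, and XORing it into ct2 yields pt2.
func RecoverWithKnownPlaintext(ct1, pt1, ct2 []byte) []byte {
	return xorBytes(xorBytes(ct1, pt1), ct2)
}

// Simulate runs the attack against a vulnerable or patched station. It returns what the
// attacker recovers of the second frame and the PNs the station used for both frames.
func Simulate(patched bool) (recovered []byte, pn1, pn2 uint64) {
	ptk := []byte("0123456789abcdef") // constructed 128-bit pairwise key
	st := &Station{patched: patched}
	st.InstallKey(ptk) // genuine message 3: first installation

	known := []byte("GET /index.html HTTP/1.1")  // constructed frame the attacker can guess
	secret := []byte("Cookie: session=s3cr3t!!") // constructed frame the attacker wants
	pn1, ct1 := st.Encrypt(known)

	st.InstallKey(ptk) // attacker replays message 3: key reinstallation
	pn2, ct2 := st.Encrypt(secret)

	return RecoverWithKnownPlaintext(ct1, known, ct2), pn1, pn2
}

func main() {
	for _, patched := range []bool{false, true} {
		rec, pn1, pn2 := Simulate(patched)
		fmt.Printf("patched=%v PNs=%d,%d recovered=%q\n", patched, pn1, pn2, rec)
	}
}
```

Run it with `go run` and compare the two lines: the vulnerable station uses PN 1 twice and the secret frame is recovered byte for byte, while the patched station moves on to PN 2 and the XOR trick yields only noise. The known-plaintext step is realistic because much WiFi traffic (DHCP, DNS, HTTP request lines) is predictable, which is why the researchers could decrypt real sessions rather than just demonstrate the counter reset.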

The United States Computer Emergency Readiness Team issued a warning in response to the exploit announcement, noting that, since KRACK is a “protocol-level” exploit, “most or all correct implementations of the standard will be affected.”

For cybersecurity professionals, that’s the most exasperating thing about this type of discovery: you do everything right, and then you wake up to find that your organization is still vulnerable.

Fortunately, there are steps you can take to secure your organization from this and other vulnerabilities in wireless security protocol standards.

  1. Install latest patches: vendors are working overtime to release patches for their WPA implementations that close this hole for good. Your infrastructure will not have protection for this vulnerability until all systems and devices have been patched. Because the attack targets the client side of the handshake, a patched access point does not protect unpatched laptops, phones or IoT devices connected to it; access points themselves need patching mainly where they use 802.11r fast roaming or operate as clients or repeaters. You should patch your systems as your vendors make patches available, including any IoT devices like printers, cameras, medical devices, etc. Microsoft has already released a Windows patch, while an Apple patch is in beta and a Pixel patch is scheduled for early November. Now’s also a good time to make sure that your organization is equipped to rapidly, comprehensively, and non-disruptively install security patches across every system, so that you can minimize your window of vulnerability for this exploit, and future exploits as well.
  2. Site security: In order to perform a key reinstallation attack, the attacker must be within radio range of the victim client and the access point, which does not require entering the building: a parking lot or neighboring office is enough, and a directional antenna extends that reach. Businesses should ensure that their site security prevents potential attackers from entering the facility, and where possible they should tune transmit power and antenna placement so that the WiFi signal does not extend to locations outside of their physical control.
  3. Secure information access policies: Even if your company’s WPA2 network is contained to a secure location, your employees may use their devices to access company information through a variety of private and public wireless networks—company guest networks, hotel and other corporate wireless networks, and home networks among them. For your own networks, you should implement network segmentation policies to isolate business-critical data. For off-site use, you should set clear policies about what business-critical data may be transmitted over off-site networks.
  4. Defense in depth of critical assets: when data is highly sensitive and valuable to your organization, don’t rely on the presumed strength of network security to protect it. Instead, use encrypted file sharing repositories, multi-factor authenticated access and other security best practices, so that a compromised network (whether from KRACK or another vulnerability) doesn’t directly expose you to attackers. Traffic protected end to end with TLS or a VPN stays encrypted even when the WPA2 layer is broken; an attacker on the network can still try to downgrade a misconfigured site to plain HTTP, so enforce HSTS and strict certificate validation on the services your employees use.
  5. Detection and response: items 1 through 4 above can help make your company a harder nut for attackers to crack. But there are more zero-day exploits out there. Your business should consider investing in detection and response, which will allow your team to identify cyberattacks in progress, isolate affected systems, minimize impact, and resolve the incident. The best practice here is to build a dedicated internal cybersecurity team, or to take advantage of a managed detection and response service like AWN CyberSOC.