Uncovering Device Activities on Wi-Fi & Hotspot Connections via KQL Queries

This article discusses the risks that arise when users connect managed devices to a variety of Wi-Fi networks and personal hotspots, with a focus on open access points, and shows how network characteristics recorded by the endpoint (network name, category, default gateway) can be turned into KQL detections. It stresses securing devices before they reach sensitive organizational resources and offers practical methods for identifying risky connections. Affected: Users, Organizations, Network Security

Keypoints :

  • Users frequently connect to Wi-Fi networks and personal hotspots, and these untrusted networks expose the device to risk.
  • Networks can be categorized by who is allowed to join them, e.g. unrestricted, limited to specific countries, or limited to specific device types.
  • Wi-Fi and hotspot connections can be analyzed using device-reported attributes (adapter type, network name and category, default gateway) to surface potential threats.
  • Signals such as the default gateway 172.20.10.1 (the address handed out by an iPhone Personal Hotspot) and keywords in network names (e.g. "FREE", "OPEN") can flag hotspot use and potential Evil Twin access points.
  • Organizations can secure access by employing VPNs, endpoint IOCs, and Conditional Access policies.
  • Devices can still be compromised if they reach malicious sites while on external networks, and then carry that compromise back inside.
  • Separate detection rules can be built for the distinct risky behaviours seen on shared networks.
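The keypoints above describe the raw signals but not a query that combines them. The following KQL is an added example written for this summary, not a query from the original article. It assumes the Microsoft Defender XDR advanced hunting DeviceNetworkInfo table as documented (ConnectedNetworks as a JSON array with Name and Category fields, DefaultGateways as a JSON array of addresses, NetworkAdapterType "Wireless80211"); the keyword list and the 7-day window are assumptions to be tuned per environment.

```kql
// Added example for this summary; not the article's own query.
// Assumes the Defender XDR DeviceNetworkInfo schema as documented:
//   ConnectedNetworks = JSON array of {Name, Category, ...}
//   DefaultGateways   = JSON array of gateway addresses
// 172.20.10.1 is the default gateway handed out by iPhone Personal Hotspot.
let HotspotGateways   = dynamic(["172.20.10.1"]);
// Assumed keyword list: extend with names seen in your own telemetry.
let RiskyNameKeywords = dynamic(["FREE", "OPEN", "GUEST", "PUBLIC"]);
DeviceNetworkInfo
| where Timestamp > ago(7d)
| where NetworkAdapterType == "Wireless80211"       // Wi-Fi adapters only
| where NetworkAdapterStatus == "Up"
// One row per connected network so Name/Category can be inspected.
| mv-expand Network = parse_json(ConnectedNetworks)
| extend NetworkName     = tostring(Network.Name),
         NetworkCategory = tostring(Network.Category)
| where isnotempty(NetworkName)
// Signal 1: gateway matches a known personal-hotspot default.
| extend IsHotspotGateway = array_length(set_intersect(parse_json(DefaultGateways), HotspotGateways)) > 0
// Signal 2: SSID contains an "open/free" style term (has_any is case-insensitive, term-based).
| extend HasRiskyKeyword = NetworkName has_any (RiskyNameKeywords)
// Signal 3: Windows classified the network profile as Public.
| extend IsPublicProfile = NetworkCategory =~ "Public"
| where IsHotspotGateway or HasRiskyKeyword or IsPublicProfile
| extend Reason = case(
    IsHotspotGateway, "Personal hotspot gateway",
    HasRiskyKeyword,  "Open/free network name",
                      "Public network profile")
| summarize FirstSeen = min(Timestamp), LastSeen = max(Timestamp), Connections = count()
    by DeviceName, NetworkName, NetworkCategory, Reason, Gateways = tostring(DefaultGateways)
| order by LastSeen desc
```

has_any matches whole terms, so "Free-WiFi" and "Free WiFi" match but "FreeWifi" does not; swap in a contains-based check if substring matching is wanted, at the cost of more noise. Treat the output as a hunting lead rather than a confirmed Evil Twin: a gateway of 172.20.10.1 tells you the device was tethered to an iPhone, which is only a problem if policy forbids it or the same SSID shows up at several users' locations at once.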

MITRE Techniques :

  • T1071 – Application Layer Protocol: Devices on untrusted networks, including shared hotspots, still use application-layer protocols that can be monitored from the endpoint.
  • T1499 – Endpoint Denial of Service: A device infected on an outside network can disrupt internal systems once it reconnects to the corporate environment.
  • T1070 – Indicator Removal (formerly Indicator Removal on Host): A device compromised on an insecure network may reach internal systems without leaving obvious indicators behind.

Indicator of Compromise :

  • No IoCs Found

Full Story: https://detect.fyi/uncovering-device-activities-on-wi-fi-and-hotspot-connections-fc5f85bcb83b?source=rss----d5fd8f494f6a---4