Sniffing attacks are becoming a thing of the past. Or not?

Father

It would seem that all digital information transmission channels are already encrypted, and some even twice. Intercepting other people's traffic is almost impossible and very labor-intensive. But sniffing attacks still appear in incident reports. Even if much less often than ten years ago.

How and why do attackers "listen" to other people's traffic? Will sniffing attacks still be relevant in the future? About this and more in a new article by Cyber Media.

Theory with history, or What is sniffing?

Recall that in information security, sniffing most often means the unauthorized interception and analysis of network packets. The crime is committed with a special class of applications, sniffers. When the same tools are used for pentests and other legitimate purposes, they are called "traffic analyzers"; tcpdump and tshark are considered the classic solutions of this type.

A sniffing attack is an incident in which attackers "listen" to information transmitted over the network, much as a telephone conversation is tapped. The main goal of the hackers is to obtain data about a user or company that can then be used for criminal purposes.

Fyodor Muzalevsky
Director of the Technical Department of RTM Group

If we limit ourselves to hacking situations (we will also include penetration testing here), then sniffers are most often used to analyze traffic in order to find credentials, as well as confidential information.

Less often, these tools are used to intercept and fake requests. To do this, the attacker must be in certain conditions. Between the victim and the server, for example (the so-called man-in-the-middle attack). In addition, traffic capture and analysis tools are used to track traffic flows and resources visited by the victim.

Sniffing attacks peaked in the 1990s, but they still happen today. For example, in January 2020 it became known that criminals from Indonesia had infected almost two hundred sites with the GetBilling JS sniffer. The list of victims included online stores in the United States, Brazil, Australia and other countries.

The second high-profile example is the 2018 sniffing attack on British Airways: using the same JS sniffer, criminals intercepted the financial and personal data of 380 thousand users of the company's website and mobile application.

What about today?

Sniffers are still part of the hacker's basic toolkit. However, experts say they are now used rarely and only in special cases, because current data transfer protocols are usually well protected against such tools.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

You need to understand that the days of unencrypted data transfer protocols are long gone. Now in corporate environments, you will no longer find telnet, imap, irc and similar communication protocols that previously did not involve any encryption. They have long been replaced by more reliable counterparts, and even simple HTTP is now almost never used.

At the same time, attackers do not give up and keep finding effective ways to bypass encryption. If they succeed, they intercept the traffic, especially once they have already reached the company's internal network, explains Sergey Polunin.

Andrey Shabalin
Data Analysis Analyst at NGR Softlab

The main application area of sniffers is gradually shifting towards industrial espionage: in this regard, expensive hardware and software complexes are being developed that allow access to encrypted information with a high level of security.

Sometimes attackers do not even try to bypass encryption and are content with passively collecting encrypted data. Even without decryption, this reveals the file and mail servers a client communicates with, as well as the domain controllers and DNS servers, without any additional network scanning that might trigger security measures.

In addition, a new type of sniffer has emerged in recent years: solutions for intercepting network traffic carried over radio channels, Wi-Fi and GSM.

Alexey Semenychev
Head of the Department of Expertise and Analytics at "Garda Technologies" (part of the "Garda" group of companies)

Wi-Fi traffic is actively used in organizations, even for accessing trusted network segments. Often, guest segments of Wi-Fi networks in organizations either do not have passwords or use very simple passwords, which makes it easier for attackers to access the traffic of such networks and the encryption keys used. This allows you to decrypt someone else's traffic and get the necessary data about accounts, services used, and possibly passwords from it.

Another risk factor is the GSM standard. Mobile devices continue to use it for communication when more modern protocols are not available. Listening to such traffic does not require significant computing resources, but it can provide hackers with a lot of confidential information transmitted in conversations and SMS messages, experts say.

Alexey Semenychev
Head of the Department of Expertise and Analytics at "Garda Technologies" (part of the "Garda" group of companies)

A separate vector for radio channels is interception of data entered from radio and Bluetooth keyboards. Manufacturers of second-tier computer peripherals often neglect strong encryption in the radio modules of their keyboards and use outdated versions of Bluetooth, which allows you to get identifiers of the keys being pressed from the intercepted traffic, including restoring logins and passwords of accounts.

It is not just keyboards that are sensitive to Bluetooth attacks, adds Alexey Semenychev; IoT and mobile devices can be affected as well. Recent news confirms this: in September, a device based on the Raspberry Pi Zero 2 W was presented which can hack any Apple gadget.

At the same time, hackers increasingly use modern tools that automate much of the sniffing work. An example is BetterCap, which first collects the information needed for a MITM (man-in-the-middle) attack and then automatically searches the traffic for credentials.

Evgeny Gryaznov
R-Vision TDP Product Manager at R-Vision

However, if SSL Pinning is not used, even HTTPS traffic can still be monitored. Some mobile app developers still believe that if you wrap traffic in HTTPS, then you don't need to encrypt your credentials or bank data during transmission, but this is a serious mistake.

According to the expert, BetterCap can also be used in conjunction with tools for creating false access points. For example, to the most popular free Wi-Fi network in the capital – MT_FREE. If your smartphone doesn't automatically connect to Wi-Fi hotspots, you can easily become a victim of a MITM attack.
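The certificate pinning that Evgeny Gryaznov mentions, as an added example that is not part of the article: a TLS client that still performs normal chain validation, but after the handshake also compares the SHA-256 fingerprint of the leaf certificate actually presented against an allowlist of pins, so an interception proxy presenting a different (even locally trusted) certificate is refused. The host, port and the pin value are placeholders to be replaced with your own server's.

```python
# Added example, not code from the article: certificate pinning for a TLS client.
import hashlib
import socket
import ssl


class PinMismatch(ssl.SSLError):
    """Raised when the peer certificate matches none of the pinned fingerprints."""


def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate as lower-case hex."""
    return hashlib.sha256(der_cert).hexdigest()


def check_pin(der_cert: bytes, pins: set[str]) -> bool:
    """True if the certificate's fingerprint is in the allowlist.

    Pins may be given as 'ab:cd:..' or 'ABCD..'; both are normalised.
    """
    normalised = {p.lower().replace(":", "") for p in pins}
    return cert_fingerprint(der_cert) in normalised


def pinned_connect(host: str, port: int, pins: set[str], timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection and enforce the pin after the handshake.

    Chain validation against the system trust store still happens (default
    context); the pin is an extra check on the leaf that was really presented,
    so a MITM proxy with its own CA in the device trust store is still rejected.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = tls.getpeercert(binary_form=True)
        if not der or not check_pin(der, pins):
            seen = cert_fingerprint(der) if der else "no certificate"
            raise PinMismatch(f"{host}: leaf certificate {seen} is not pinned")
    except Exception:
        tls.close()  # never hand back a socket whose peer failed the pin
        raise
    return tls


if __name__ == "__main__":
    # Placeholder pin: replace with the fingerprint of your own server's leaf certificate.
    PINS = {"<sha256-hex-of-your-server-leaf-certificate>"}
    try:
        with pinned_connect("example.com", 443, PINS) as s:
            print("pinned TLS session established, cipher:", s.cipher())
    except PinMismatch as err:
        print("connection refused:", err)
```

Pinning the leaf means the pin set must be rotated together with the certificate, so a real deployment ships the next certificate's fingerprint as a backup pin before renewal.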

Future sniffers

Some of Cyber Media's interlocutors believe that sniffing as a means of intercepting traffic will become a thing of the past.

Sergey Polunin
Head of the Infrastructure IT Protection Group at Gazinformservis

The widespread adoption of encryption protocols does not leave a chance to simply eavesdrop on traffic. Attackers will only have to hope for errors in the implementation of this encryption itself or the negligence of administrators who will not be able to correctly configure it.

Other experts believe that attackers will continue to find vulnerabilities in existing data transmission methods and encryption protocols, but that sniffing itself will change significantly in response to new technologies and security tools.

Evgeny Gryaznov
R-Vision TDP Product Manager at R-Vision

As encryption and the secure development ideology of SDLC are implemented at the earliest stages, attackers may switch to other protocols. For example, to WPA 3.0, which almost completely eliminates a number of attacks on Wi-Fi networks.

The reverse implementation of popular protocols like Apple's Bluetooth, which allows anyone to send false data to the phone and thereby practically block its operation, showed that even popular protocols still have interesting and new attack vectors.

For now, as experts explain, the purpose of such attacks remains the search for confidential data, but over time the analysis of the resources a person visits may come to the fore.

Fyodor Muzalevsky
Director of the Technical Department of RTM Group

Searching for the resources used by the victim is becoming increasingly popular. After all, it is this information that is convenient to use in the social engineering that is so widespread now. Most likely, criminals will develop in this direction in the near future.

Indeed, traffic interception can become a targeted weapon used to collect information about employees or about the company as a whole. However, experts still doubt how successful such attacks will be in the future.

Ilya Samsonov
Chief Operating Officer of MediaPro

The growth of public awareness of security issues will also have an impact. With increased cybersecurity awareness and training of organizations' personnel, the number of successful attacks may decrease, including those using sniffing.

In any case, traffic encryption and network security will be strengthened, and the amount of information available for interception will shrink. However, this will not stop attackers: they will start looking for new ways to bypass protection, experts warn.

Alexander Zubrikov
General Director of ITGLOBAL.COM Security

For example, using social engineering to collect access through phishing attacks or using malware to spoof digital certificates.

In addition, with the development of smart devices and the Internet of Things, sniffing can gain access to sensitive information transmitted between devices, such as smart homes and medical devices.

The evolution of traffic interception is a logical response to changes in information security technologies and environments. That is why sniffing can become more intelligent and large-scale in the future.

Jeannette Magomedova
Senior lecturer of the Information Security Department of MTUCI

Expected trends include targeting multiple platforms (mobile devices, cloud services, IoT networks), as well as the use of artificial intelligence and machine learning to analyze and process intercepted data.

Conclusions

We should not forget about sniffing as a potential threat, according to Cyber Media's interlocutors. Although traffic interception tools have ceased to be a mass weapon in the hands of hackers, they are still capable of causing irreparable damage to a company.

Moreover, sniffers will certainly keep developing, albeit in a new field: wireless data transmission technologies. Time will tell how powerful this evolution will be, as will new public cases of successful sniffing attacks.