Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - Keep Calm And Carry On In The Wake Of The ‘Krack Attack’ Discovery
News & Analysis

Keep Calm And Carry On In The Wake Of The ‘Krack Attack’ Discovery

ISBuzz TeamBy ISBuzz TeamDecember 4, 2017Updated:December 4, 20174 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
suffered a cyberattack
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

Last month, the news that a WPA2 vulnerability was discovered by a researcher from the University of Leuven, hit the headlines. Hailed as one of the most potentially devastating security threats ever found, this universal vulnerability affects the protocol that protects modern Wi-Fi networks, subsequently leaving all Wi-Fi enabled devices open for attackers to decrypt traffic and inject data to manipulate systems.

Known as a ‘Krack attack’, the most serious implication of an attack of this nature is the ability for attackers to potentially intercept sensitive data such as passwords, credit card details and confidential business information. Upon this discovery, organisations across the globe went into overdrive in a bid to protect their information however, do business leaders really need to panic about quickly fixing their networks? Despite the seriousness of a potentially large-scale Krack attack, the answer is no.

Staying calm despite the hype

Contrary to popular belief, information has never been at a high risk of being stolen through a Krack attack, despite the potential severity and global reach of the vulnerability. But what’s stopping potential actors from exploiting it?

First and foremost, any attacker looking to target an organisation needs to be within physical range of the targeted Wi-Fi network, meaning organisations aren’t immediately vulnerable to everyone on the internet.

For those who do gain access into an organisation’s Wi-Fi network however, the increased use of HTTPS makes it difficult for them to effectively intercept and decrypt sensitive data. Correctly configured HTTPS makes a Krack attack more complex and time consuming for attackers, adding an extra layer of security for businesses.

To further protect their information, business leaders also need to ensure they are correctly using encryption (TLS, VPN etc.). The encryption of sensitive information may be common practice for many, but by securing traffic across a network, businesses can further protect themselves by making it harder for opportune attackers to monitor this traffic.

Despite the likelihood of a Krack attack being low, organisations need to be aware of, and take action to protect against, Wi-Fi reconnaissance activities such as war driving – where attackers locate Wi-Fi access points for potential targeting. Organisations with large physical sites, or multiple sites across the globe, are at a higher risk than smaller businesses when it comes to these activities. By implementing enough of the right security measures to protect systems however, the chances of a successful attack happening are significantly reduced.

The motives behind attack actors

While the need for an attacker to be in close physical proximity to a network makes it difficult to launch a Krack attack, potential attackers don’t necessarily have to be professional or vastly experienced to target businesses. The very nature of the WPA2 vulnerability allows anyone to read traffic from mobiles and laptops to Wi-Fi devices yet, while it’s vital organisations are aware of this, there’s yet to be an attributed Krack attack in the wild.

Whether to collect sensitive business information with the aim of collapsing a company, or to request a cash incentive for its safe return, those looking to expose the WPA2 vulnerability do so with a motive. By ensuring their networks are physically protected from attack vectors such as dead-drop boosters and war driving through ‘defence in depth’ (also known as Castle Approach) and layering numerous security controls throughout their IT system, organisations will be less vulnerable and their corporate data secure.

Krack the code

Taking into account the aforementioned limitations and the speed at which vendors have moved to develop security measures and patches, it’s highly improbable that a widespread exploitation of the WPA2 vulnerability will happen. Despite this, businesses must not rest on their laurels.

It is recommended that devices are fixed with the requisite updates as soon as possible. By ensuring IT and security teams are on the ball and responding in a timely fashion when these updates are released, organisations can quickly and efficiently protect themselves.

The WPA2 vulnerability is also likely to spawn the development of some implementation standards for Wi-Fi connected devices. Whether in the form of software, hardware or firmware, organisations need to be aware of and ensure their Wi-Fi networks adhere to these processes as soon as they become available. Only by implementing all these measures and defence in depth, can businesses be protected.

[su_box title=”About Joep Gommers” style=”noise” box_color=”#336588″][short_info id=’103908′ desc=”true” all=”false”][/su_box]

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Visual data is the blind spot in enterprise security: that’s about to change

May 4, 20267 Mins Read

Making stolen data worthless: why security must start with the data

March 30, 20265 Mins Read

Meta’s Smart Glasses Privacy Scandal Expands After Sama Credentials Found on the Dark Web

March 10, 20264 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}