Unauthorized Access and Attack Vectors in Corporate Wireless Networks

The Most Likely Attack Vector in a Corporate Wireless Network: Examining SY0-601

Question

A user contacts the help desk to report the following:

-> Two days ago, a pop-up browser window prompted the user for a name and password after connecting to the corporate wireless SSID. This had never happened before, but the user entered the information as requested.

-> The user was able to access the Internet but had trouble accessing the department share until the next day.

-> The user is now getting notifications from the bank about unauthorized transactions.

Which of the following attack vectors was MOST likely used in this scenario?

A. Rogue access point

B. Evil twin

C. DNS poisoning

D. ARP poisoning

A.

Explanations

The attack vector most likely used in this scenario is the "Evil twin" attack.

Explanation: An Evil twin attack is a type of wireless network attack in which an attacker creates a fake wireless access point (AP) that impersonates a legitimate one. The fake AP broadcasts a stronger signal than the legitimate one to attract users to connect to it. When users connect to the fake AP, they are prompted to enter their credentials, which the attacker can capture and use for malicious purposes.

In this scenario, the user connected to the corporate wireless SSID and received a pop-up browser window requesting a name and password, which had never happened before. This indicates that the user was likely connecting to the fake AP created by the attacker. The user entered the credentials as requested, and the attacker captured them and used them for unauthorized transactions.

The fact that the user had trouble accessing the department share until the next day also supports the possibility of an Evil twin attack. The attacker may have been performing a man-in-the-middle (MitM) attack, intercepting and manipulating the user's network traffic.

Rogue access points and ARP poisoning attacks are also possible, but they do not fit the details of the scenario as well as an Evil twin attack. DNS poisoning is less likely, as it is typically used to redirect users to malicious websites rather than to steal credentials.
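
The traits described in the explanation above (the corporate SSID advertised by an unknown radio, a login prompt that had never appeared before, and a stronger signal than the legitimate AP) can be checked for in wireless survey data. The following Python is an added example, not part of the original question material; the SSID name, the AP inventory, the assumption that the corporate SSID normally uses WPA2-Enterprise, and all beacon records are constructed for illustration.

```python
"""Flag likely evil-twin beacons in a Wi-Fi survey (added example; all data constructed)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str
    bssid: str      # MAC address of the AP radio
    channel: int
    security: str   # e.g. "WPA2-Enterprise", "Open"
    rssi_dbm: int   # received signal strength; closer to 0 is stronger

# Assumed inventory of sanctioned APs for the corporate SSID (constructed values).
CORP_SSID = "CorpWiFi"
EXPECTED_SECURITY = "WPA2-Enterprise"
AUTHORIZED = {"02:00:00:aa:00:01": 1, "02:00:00:aa:00:02": 6}  # BSSID -> channel

def find_evil_twins(beacons):
    """Return (beacon, reasons) for each beacon that advertises the corporate
    SSID but does not match the sanctioned inventory."""
    corp = [b for b in beacons if b.ssid == CORP_SSID]
    known = [b.rssi_dbm for b in corp if b.bssid.lower() in AUTHORIZED]
    strongest_known = max(known, default=None)
    findings = []
    for b in corp:
        reasons = []
        expected_channel = AUTHORIZED.get(b.bssid.lower())
        if expected_channel is None:
            reasons.append("BSSID not in AP inventory")
        elif expected_channel != b.channel:
            reasons.append("inventoried BSSID on unexpected channel (possible MAC spoof)")
        if b.security != EXPECTED_SECURITY:
            # An open network with a portal would explain a never-before-seen login prompt.
            reasons.append(f"security is {b.security}, expected {EXPECTED_SECURITY}")
        if (expected_channel is None and strongest_known is not None
                and b.rssi_dbm > strongest_known):
            reasons.append("stronger signal than every sanctioned AP")
        if reasons:
            findings.append((b, reasons))
    return findings

# Constructed survey: two sanctioned APs, one impersonator, one unrelated network.
SURVEY = [
    Beacon("CorpWiFi", "02:00:00:aa:00:01", 1, "WPA2-Enterprise", -62),
    Beacon("CorpWiFi", "02:00:00:aa:00:02", 6, "WPA2-Enterprise", -71),
    Beacon("CorpWiFi", "02:00:00:bb:00:99", 11, "Open", -40),
    Beacon("CoffeeShop", "02:00:00:cc:00:10", 6, "WPA2-Personal", -80),
]

if __name__ == "__main__":
    for beacon, reasons in find_evil_twins(SURVEY):
        print(beacon.bssid, "->", "; ".join(reasons))
```

Only the third record is flagged, and for all three reasons; sanctioned APs and networks with a different SSID pass through untouched.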