Cybersecurity Reach Foundation

Nearest Neighbor: How Close Connections Can Open Doors to Cyber Attacks

Your neighbor might be the weakest link in your cybersecurity. This week, we dive into how Volexity uncovered a clever "Nearest Neighbors" attack, Microsoft’s major outage, and a $200M donation aimed at protecting America’s digital future.

This week had its fair share of excitement: Microsoft had a big outage that caused chaos for a lot of people, Volexity uncovered a wild "Nearest Neighbors" cyber attack, and the founder of Craigslist made waves by donating another $200 million to help protect America’s infrastructure from cyber threats. Let’s break it down!

The Nearest Neighbors Attack

This week, we stumbled across a fascinating article by Volexity detailing an attack vector they identified during an investigation for one of their clients. They dubbed it the "Nearest Neighbor Attack." In essence, the threat actor hacks into networks physically close to the ultimate target. Once inside, they compromise a computer that has both a wired connection to its own network (used for remote communication) and an unused Wi-Fi module. The attackers then use that Wi-Fi module to attempt to log into the final target's wireless network with stolen credentials.

The attack was attributed to the Advanced Persistent Threat (APT) group GruesomeLarch (also known as APT28, Forest Blizzard, Sofacy, Fancy Bear, and more). This appears to have been a politically motivated operation, as the final target involved individuals working on Ukraine-related projects.

How the Attack Worked

  1. Nearby Network Compromise: The attackers first breached networks close to the ultimate target.
  2. Dual-Homed Devices: They specifically targeted computers connected to both wired and wireless networks.
  3. Wi-Fi Infiltration: Using compromised credentials, they logged into the target's Wi-Fi network.

Even after gaining access to the Wi-Fi, the attackers hit a roadblock: they couldn't access the target's internal environment (software, platforms, tools) because internet-facing resources were protected by multi-factor authentication (MFA).

Tools and Tactics

  • The attackers used a built-in Windows tool, Cipher.exe, to securely delete files and cover their tracks, making forensic recovery extremely difficult.
  • They employed living-off-the-land techniques, relying on legitimate tools and minimal custom malware to evade detection.
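The three steps above hinge on a dual-homed machine, and the tooling section names cipher.exe as the cleanup tool. The following Python is an added example (not Volexity's code) of two defender-side checks over constructed telemetry: spotting hosts with wired and wireless adapters up at the same time, and flagging cipher.exe runs that use the /w free-space wipe. The host names, users and record layout are assumptions.

```python
"""Two defender-side checks suggested by the Nearest Neighbor write-up.
Added example, not Volexity's code. Input is constructed telemetry: a
per-host adapter inventory and simplified process-creation records
(fields modelled loosely on Windows Security event 4688)."""
import re

# Constructed: host -> [(adapter_type, is_connected)].
ADAPTERS = {
    "WS-FIN-01": [("ethernet", True), ("wifi", True)],   # dual-homed bridge candidate
    "WS-FIN-02": [("ethernet", True), ("wifi", False)],  # Wi-Fi present but down
    "LT-SALES-07": [("wifi", True)],                     # Wi-Fi only laptop
}

# Constructed process-creation records.
EVENTS = [
    {"host": "WS-FIN-01", "user": "CORP\\svc_backup",
     "image": r"C:\Windows\System32\cipher.exe", "cmdline": r"cipher.exe /w:C:\Users\Public"},
    {"host": "WS-FIN-02", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\cipher.exe", "cmdline": r"cipher.exe /e D:\reports"},
    {"host": "LT-SALES-07", "user": "CORP\\bob",
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe notes.txt"},
]

# /w:<dir> overwrites free space; /e and /d are routine EFS administration.
WIPE_FLAG = re.compile(r"(?:^|\s)/w:", re.IGNORECASE)


def dual_homed_hosts(adapters):
    """Hosts with wired and wireless adapters connected at the same time,
    i.e. machines an intruder on a nearby network could use as a bridge."""
    found = []
    for host, nics in adapters.items():
        up = {kind for kind, connected in nics if connected}
        if {"ethernet", "wifi"} <= up:
            found.append(host)
    return sorted(found)


def cipher_wipe_events(events):
    """cipher.exe runs using /w, the anti-forensic free-space wipe."""
    hits = []
    for ev in events:
        if ev["image"].lower().endswith("\\cipher.exe") and WIPE_FLAG.search(ev["cmdline"]):
            hits.append((ev["host"], ev["user"], ev["cmdline"]))
    return hits


if __name__ == "__main__":
    print("dual-homed hosts:", dual_homed_hosts(ADAPTERS))
    print("cipher /w events:", cipher_wipe_events(EVENTS))
```

A dual-homed hit is a configuration finding to fix (disable or policy-block the unused radio), while a cipher /w hit on a workstation is worth an immediate look at what else ran on that host.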

Initial Entry Point

The first system was compromised using brute-forced credentials, allowing the attackers to pivot and execute this novel, proximity-based attack. This breach underscores the importance of strong security practices, even for seemingly secure local networks.

Volexity’s detailed analysis of this case is a must-read for anyone interested in understanding modern attack methods and their implications.

Microsoft’s Email and Calendar Outage: Fix in Progress, Frustration Remains

Microsoft faced a rough Monday (11/25/24) as a major outage disrupted Outlook and Teams for thousands of users. At its peak, over 5,000 issues were reported on Downdetector, though the true scale of the problem was likely much larger.

What Happened?

  • Timeline of Recovery:
    • 9 AM ET: Microsoft began deploying a fix and manually restarting affected servers.
    • Noon: The fix had reached 98% of environments, but many users were still experiencing issues.
    • 2 PM: Recovery was slower than expected, and the company faced further delays.
    • 7:30 PM: Microsoft estimated the issue would be fully resolved within three hours.
  • Impact: Many office workers were left in limbo, though some U.S. users joked about the unexpected break ahead of Thanksgiving.

A Broader Context

While this outage was disruptive, it pales in comparison to the CrowdStrike incident earlier this year, which caused global chaos, from halted air travel to hospital disruptions, costing companies $5 billion in direct losses.

The Bottom Line

By late Monday evening, Microsoft was optimistic about resolving the issue, but for users, the day was a stark reminder of how reliant we’ve become on cloud-based services.

Craig's Cyberlist: A $200M Push to Secure America's Infrastructure

Craig Newmark, the founder of Craigslist, is leveraging his philanthropic efforts through Craig Newmark Philanthropies to bolster cybersecurity and safeguard critical American infrastructure from cyberattacks. In a bold move, he pledged $100 million in September and is now committing an additional $200 million to further support initiatives aimed at combating cyber threats.

This renewed focus comes in the wake of incidents like the CrowdStrike breach earlier this year, which impacted 8.5 million systems, underscoring the growing risks to critical infrastructure.

"My deal is that I want all that money to go straight to the nonprofit world — I just have to figure out where that goes and how to handle it over the next five to 20 years," - Newmark

It’s been a week full of surprises, with some key takeaways for all of us:

  • Stay Prepared: Microsoft’s outage is a reminder to always have backup communication tools in place for critical operations.
  • Learn and Adapt: Volexity’s "Nearest Neighbors" discovery highlights the importance of staying informed about emerging attack techniques to protect your systems.
  • Support Cybersecurity Efforts: Craig Newmark’s massive donation shows the value of investing in the future of cybersecurity—consider how you or your organization can contribute to safer digital spaces.
  • Review Your Practices: With these developments in mind, take a moment to assess your own cybersecurity defenses and disaster recovery plans.

As technology evolves, so do the challenges—let’s stay ahead together!