You’ve likely heard the expression, “don’t poke the bear.” (To some, it may be known as “do not wake up a sleeping bear” or “don’t poke the dragon” or “don’t poke the tiger.”) This means don’t do something that might provoke someone into becoming angry or striking back in some problematic way.
This expression is never more applicable than in today’s online world, where there are several cybersecurity ramifications when an individual or organization decides to “poke the bear.”
What Is a Poke the Bear Attack?
There have been numerous reports of poke the bear cyber attacks over the last few years.
Perhaps the most well-known poke the bear incident was when the Sony Pictures film “The Interview” poked the bear by satirizing and parodying North Korean rulers. This provoked North Korean hackers to attack Sony’s IT infrastructure, exposing sensitive data, including Sony employee and customer data, spreadsheets, films, and more.
Another Poke the Bear attack of note was when the CEO of HB Gary Federal, Aaron Barr, claimed that he could out members of the hacker group Anonymous. Anonymous responded by hacking into the HB Gary Federal network, stealing documents and personal emails.
We may see an increase in poke the bear cyber attacks, thanks to the current Russia/Ukraine War, which is also being fought in cyberspace. The U.S. Department of Homeland Security (DHS) has warned that Russian hackers are targeting critical U.S. infrastructure.
Users can also inadvertently “poke the bear” by being lax about their online security. This happens when users do not take the proper safeguards to protect themselves online. For example, in 2018, a report indicated that 78% of folks around the globe actively look for free public WiFi hotspots, with 72% of those users being unconcerned about security when connecting.
What Type of Cyber Attacks Are Used in a Poke the Bear Attack?
A Poke the Bear attack is not limited to one particular type of cyber attack. A Poke the Bear attack is simply the result of you doing something to spur a bad guy to launch a cyber attack on you or your company.
There are numerous types of cyber attacks that can be used in a poke the bear attack. In this section, I’ll explain some of these attacks and also discuss how to recognize and protect yourself against them.
Evil Twin Attack
The Evil Twin Attack is arguably one of the most popular types of attacks. This is because most Evil Twin Attacks take place where unprotected WiFi hotspots are available. Public WiFi hotspots are quite popular for users who are looking to check their email, quickly pay a bill, check their bank balance, bid on an auction item, and do other online activities.
An Evil Twin Attack takes place when an attacker sets up a fake WiFi access point, in the hopes that victims will connect to the fake access point in place of a legitimate access point. When an unsuspecting user connects to an Evil Twin access point, all of the data they send and receive passes through a server controlled by the bad guy.
Evil Twin access points can be created with a smartphone, tablet, computer, or other connected device running specialized software.
Bad actors can also make use of a nasty bit of kit called the “WiFi Pineapple.” While the WiFi Pineapple has legitimate uses, such as network testing and auditing, it can also be used by hackers to set up a fake WiFi access point, enabling Evil Twin attacks by using a number of readily available apps and scripts that are available for the Pineapple. The WiFi Pineapple is available for as little as $109.99.
Hackers can even set up a WiFi Pineapple to convincingly display what appears to be a legitimate agreement page for the real hotspot. These pages display legal phrases that users must agree to before connecting to and using the hotspot. (Do you ever actually read the agreement before agreeing? I’d be willing to bet that most users don’t bother reading the terms, even if it means giving up their firstborn child.)
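Because an Evil Twin reuses a legitimate network’s name, the one thing a defender can inspect is the scan itself: the same SSID showing up on an extra, open, differently-built access point. The following Python is an added example, not code from this article or from Pixel Privacy. It assumes a constructed CSV scan listing (ssid, bssid, security, signal) and a hypothetical saved list of BSSIDs the user has seen before, and flags access points by three conservative heuristics: an OPEN AP beside encrypted ones with the same SSID, a hardware vendor (OUI) that differs from the other APs for that SSID, and a BSSID not on the saved list.

```python
import csv
from collections import Counter, defaultdict
from io import StringIO

# Constructed scan listing (not real data). The CSV layout is an assumption of this
# example; a real tool's scan output would be converted into these four columns.
SCAN_CSV = """\
ssid,bssid,security,signal_dbm
CoffeeShop_Guest,A4:2B:8C:10:20:30,WPA2,-48
CoffeeShop_Guest,A4:2B:8C:10:20:31,WPA2,-55
CoffeeShop_Guest,00:13:37:AA:BB:CC,OPEN,-35
AirportFree,D8:0D:17:01:02:03,OPEN,-60
HomeNet,F0:9F:C2:44:55:66,WPA3,-70
"""

# Hypothetical saved list: BSSIDs the user has seen for a network on earlier, trusted visits.
KNOWN_BSSIDS = {
    "CoffeeShop_Guest": {"a4:2b:8c:10:20:30", "a4:2b:8c:10:20:31"},
}


def parse_scan(text):
    """Parse the CSV scan listing into dicts with normalised (lower-case) BSSIDs."""
    rows = []
    for row in csv.DictReader(StringIO(text)):
        row["bssid"] = row["bssid"].lower()
        row["signal_dbm"] = int(row["signal_dbm"])
        rows.append(row)
    return rows


def oui(bssid):
    """The first three octets of a MAC address identify the hardware vendor (OUI)."""
    return ":".join(bssid.split(":")[:3])


def find_suspect_twins(records, known_bssids=None):
    """Return (bssid, ssid, reason) tuples for access points that look like evil twins.

    Three conservative heuristics, any of which is a reason to distrust the AP:
      1. The SSID is also served by encrypted APs, but this BSSID is OPEN.
      2. This BSSID's vendor OUI differs from the majority OUI for the SSID
         (real multi-AP deployments are usually built from one vendor's gear).
      3. The SSID is on the saved list, but this BSSID is not.
    """
    by_ssid = defaultdict(list)
    for rec in records:
        by_ssid[rec["ssid"]].append(rec)

    findings = []
    for ssid, aps in by_ssid.items():
        securities = {ap["security"] for ap in aps}
        majority_oui = Counter(oui(ap["bssid"]) for ap in aps).most_common(1)[0][0]
        saved = (known_bssids or {}).get(ssid)
        for ap in aps:
            if ap["security"] == "OPEN" and len(securities) > 1:
                findings.append((ap["bssid"], ssid, "open AP shares its SSID with encrypted APs"))
            if len(aps) > 1 and oui(ap["bssid"]) != majority_oui:
                findings.append((ap["bssid"], ssid, "hardware vendor differs from the other APs"))
            if saved is not None and ap["bssid"] not in saved:
                findings.append((ap["bssid"], ssid, "BSSID not on the saved list for this SSID"))
    return findings


def suspect_bssids(text=SCAN_CSV, known_bssids=KNOWN_BSSIDS):
    """Convenience wrapper: the set of BSSIDs flagged for the given scan listing."""
    return {bssid for bssid, _, _ in find_suspect_twins(parse_scan(text), known_bssids)}


if __name__ == "__main__":
    for bssid, ssid, reason in find_suspect_twins(parse_scan(SCAN_CSV), KNOWN_BSSIDS):
        print(f"SUSPECT {ssid} {bssid}: {reason}")
```

On the constructed listing only the open 00:13:37 access point is flagged, and it trips all three heuristics. None of them is proof on its own (a venue can mix vendors or run an open guest network), which is why the output is a reason list to read rather than an automatic block.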
Luckily, there are ways to avoid Evil Twin attacks.
Avoid Public WiFi Hotspots
First, whenever possible, avoid using public WiFi hotspots. Use your device’s own cellular connection whenever possible. This is more secure, as you are connected directly to your cellular provider’s network, making it much harder for your average hacker to monitor your online activities.
Also, instead of a public WiFi hotspot, use your own hotspot device. These are available for a reasonable price from most cellular carriers, and also keep you safer by connecting directly to your provider’s cellular network. Many providers will allow you to use your smartphone’s cellular connection to create a hotspot for your other devices. Make sure that your hotspot uses a password that is known only to you.
Another advantage of using your device’s cellular connection or a personal hotspot device is that with the rollout of 5G cellular networks, your internet connection will likely be much faster than it would be while connected to a public hotspot.
Avoid Using Your Financial and Shopping Accounts on Public WiFi
Never log in to your banking, investment, credit card, or shopping accounts while connected to a public WiFi hotspot. In fact, never connect to any account that holds sensitive financial, business, or personal information. If you must log in to these types of accounts, make sure to have multi-factor authentication set up on the account. This requires a second factor, such as a one-time code or a fingerprint, before a login succeeds.
Visit only HTTPS Websites
When connected to a public WiFi hotspot, visit only HTTPS-enabled websites. (The “S” stands for “Secure.”) HTTPS encrypts the traffic between your browser and the website, hiding its contents from anyone watching the hotspot.
Use a VPN
A Virtual Private Network (VPN) protects you from Evil Twin attacks by encrypting your internet connection. A VPN creates a protective encrypted tunnel for your connection. And, much like a physical highway tunnel, a VPN tunnel hides the traffic flowing inside of it, meaning whoever controls the hotspot cannot read or tamper with your traffic. My VPN of choice is NordVPN. For more information, read my review of NordVPN.
Baiting and Phishing Attacks
Baiting attacks use social engineering to lure a user into a trap that will reveal their personal and financial information, login credentials, load malware and spyware, and more.
Baiting attacks rely on psychological manipulation to exploit a victim’s naivety by tempting them with “too good to be true” offers like free iPhones or computers, free downloads, and other tempting “offers.”
Meanwhile, phishing attacks may see the bad guys posing as the user’s IT department, superiors, or vendors, in order to trick the target into exposing their personal or business info, such as login credentials, by directing the victim to a fake website or other connection.
How to Avoid Baiting and Phishing Attacks
Baiting and phishing attacks succeed because of weak security protocols and measures, as well as insufficient cybersecurity education.
In addition to keeping their networks, computers, and software updated, companies need to educate their employees – from the janitor on up to the CEO – about the hazards of baiting and phishing attacks.
Individual users should be running antivirus and anti-malware protection on their devices and should educate themselves about these attacks, by perusing websites like Pixel Privacy.
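The phishing description above comes down to one mechanism: a link whose visible text or branding says one thing while its destination says another. The following Python is an added example, not code from this article or from Pixel Privacy. It assumes a constructed HTML message and a hypothetical list of domains the recipient actually does business with, extracts every link with the standard-library HTML parser, and reports the classic warning signs: a plain-HTTP destination, an IP address in place of a domain, a punycode host, link text that names a different host than the `href`, and a host that contains a trusted brand name but is not actually under that brand’s domain.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed list of brands the recipient actually does business with; a real deployment
# would load this from configuration.
TRUSTED_DOMAINS = {"examplebank.com"}

# Constructed phishing-style message (not a real email). 198.51.100.0/24 and the
# .example TLD are reserved for documentation.
EMAIL_HTML = """
<p>Dear customer, your account has been locked.</p>
<p><a href="http://examplebank.com.secure-login.example/verify">https://www.examplebank.com/verify</a></p>
<p><a href="https://198.51.100.7/update">Update your details</a></p>
<p><a href="https://www.examplebank.com/help">Help centre</a></p>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url_or_text):
    """Hostname of a URL; bare domains like 'www.example.com/x' are accepted too."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    return (urlsplit(s).hostname or "").lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_like_url(text):
    t = text.lower()
    return "://" in t or t.startswith("www.") or ("." in t and " " not in t)


def assess_link(href, text, trusted=TRUSTED_DOMAINS):
    """Return the list of reasons this link is suspicious (empty means nothing found)."""
    reasons = []
    host = host_of(href)
    scheme = urlsplit(href if "://" in href else "http://" + href).scheme.lower()
    if scheme != "https":
        reasons.append("not HTTPS")
    if is_ip_literal(host):
        reasons.append("IP address instead of a domain name")
    if "xn--" in host:
        reasons.append("punycode (internationalised) host, possible homoglyph")
    if looks_like_url(text) and host_of(text) != host:
        reasons.append(f"text shows {host_of(text)} but link goes to {host}")
    for domain in trusted:
        brand = domain.split(".")[0]
        if brand in host and host != domain and not host.endswith("." + domain):
            reasons.append(f"impersonates {domain}")
    return reasons


def scan_email(html_body, trusted=TRUSTED_DOMAINS):
    """Return [(href, text, reasons)] for every link with at least one reason."""
    parser = LinkExtractor()
    parser.feed(html_body)
    results = []
    for href, text in parser.links:
        reasons = assess_link(href, text, trusted)
        if reasons:
            results.append((href, text, reasons))
    return results


if __name__ == "__main__":
    for href, text, reasons in scan_email(EMAIL_HTML):
        print(f"'{text}' -> {href}\n   " + "; ".join(reasons))
```

On the constructed message the first link is reported three times over (plain HTTP, mismatched text, brand impersonation), the IP-address link once, and the genuine help-centre link not at all. The brand check is deliberately strict about the registrable domain: `examplebank.com.secure-login.example` contains the brand but is a completely different site.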
Brute Force Password Attacks
Since passwords are still the most commonly used method of authenticating users, many attackers will use a brute force attack to attempt to breach a network or system. Brute force attacks consist of trying multiple passwords in the hope that one will work.
Such attacks can consist of the bad guys trying passwords related to a user’s pets, hobbies, loved ones, and other personal information to try to guess a password. Dictionary attacks fall under the brute force category, and they use a dictionary of common passwords to try to log in. The five most common passwords used in 2022 include (believe it or not) “123456,” ”123456789,” “qwerty,” “12345,” and SIGH! “Password.”
How to Avoid Brute Force Password Attacks
It’s a simple matter to avoid brute-force password attacks. Simply do not use easy-to-guess passwords! Never use your childhood address, your Mom’s maiden name, the street you grew up on, your pet’s or child’s name, or any other personally identifiable word or name as a password. And never, ever use any of the common passwords I mentioned above.
Always use only strong passwords. By “strong,” I mean your password should be long and it should combine upper-case and lower-case letters, numbers, and symbols. Also, use a password manager, like 1Password, LastPass, NordPass, and numerous others, to generate, store, and manage your passwords. This will help prevent easy-to-guess passwords from being used, or even worse, from being re-used.
Drive-By Attacks
Drive-by attacks are used by the bad actors of the world to spread malware. Hackers look for insecure websites running outdated software, plant malicious scripts or code in the site’s pages, and so install malware onto the computer of anyone who visits the website, without any action on the visitor’s part.
How to Avoid Drive-By Attacks
Website owners and operators should keep their websites updated to the latest versions of software and scripts. Updates include fixes and patches for insecure software, helping to block drive-by attacks.
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks involve overwhelming a system’s resources with too many information requests, making it operate quite slowly or preventing it from responding at all. These are usually launched by using a large number of host PCs and devices that are infected by malware and that are controlled by the bad guys.
How to Avoid DoS and DDoS Attacks
Make sure you understand your infrastructure’s typical internet traffic pattern. This will help you identify unusual traffic when it occurs. Also, make sure to have a DDoS response ready and waiting. By having a plan in place, you’ll be ready to respond to attacks.
Keep your systems updated; this helps mitigate DoS and DDoS attacks. Also, never put all of your data centers on a single network or in a single location. Look for any possible bottlenecks in your network, and make sure to have plenty of bandwidth to prevent any traffic jams.
Move your infrastructure to the cloud. While this won’t completely prevent attacks, cloud providers will have more resources and bandwidth, allowing them to mitigate these types of attacks.
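“Understand your typical traffic pattern so you can identify unusual traffic” is a baseline-and-threshold problem, and a first version fits in a short script. The following Python is an added example, not code from this article or from Pixel Privacy. It constructs a small web-server log in Common Log Format (twelve quiet minutes, then one flooded minute, all from documentation address ranges), learns the mean and standard deviation of requests per minute from the quiet window, and flags later minutes above mean + k·σ, reporting how many distinct sources were involved so that a single-source DoS can be told apart from a distributed one.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: client, identity, user, [timestamp], "request", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Return {ip, minute, status} for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "minute": ts.strftime("%Y-%m-%d %H:%M"), "status": int(m["status"])}


def _line(ip, minute_idx, second):
    """Build one constructed log line; minute_idx counts from 12:00 on a fixed date."""
    ts = f"10/Mar/2022:{12 + minute_idx // 60:02d}:{minute_idx % 60:02d}:{second:02d} +0000"
    return f'{ip} - - [{ts}] "GET /index.html HTTP/1.1" 200 512'


def build_sample_log():
    """Constructed traffic (not a real log): twelve quiet minutes of 3 to 5 requests from
    a few 192.0.2.0/24 addresses, then a minute with 300 requests from 30 addresses."""
    lines = []
    for minute in range(12):
        for i in range(3 + minute % 3):
            lines.append(_line(f"192.0.2.{10 + i}", minute, i * 7))
    for i in range(300):
        lines.append(_line(f"198.51.100.{1 + i % 30}", 12, i % 60))
    return lines


def requests_per_minute(lines):
    """Count requests per minute, and per (minute, source IP)."""
    per_minute = Counter()
    sources = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_minute[rec["minute"]] += 1
            sources[rec["minute"]][rec["ip"]] += 1
    return per_minute, sources


def find_floods(lines, baseline_minutes, k=3.0):
    """Learn mean/stddev of requests per minute from the first `baseline_minutes`, then
    flag later minutes above mean + k*stddev. Each alert also reports how many distinct
    sources were involved, which separates a single-source DoS from a distributed one."""
    per_minute, sources = requests_per_minute(lines)
    minutes = sorted(per_minute)
    baseline = [per_minute[m] for m in minutes[:baseline_minutes]]
    mean = statistics.mean(baseline)
    spread = max(statistics.pstdev(baseline), 1.0)  # floor so a flat baseline still has a margin
    threshold = mean + k * spread
    alerts = []
    for m in minutes[baseline_minutes:]:
        if per_minute[m] > threshold:
            alerts.append({
                "minute": m,
                "requests": per_minute[m],
                "threshold": round(threshold, 1),
                "distinct_sources": len(sources[m]),
                "top_sources": sources[m].most_common(3),
            })
    return alerts


if __name__ == "__main__":
    for alert in find_floods(build_sample_log(), baseline_minutes=12):
        print(f"{alert['minute']}: {alert['requests']} requests (threshold {alert['threshold']}) "
              f"from {alert['distinct_sources']} sources; top {alert['top_sources']}")
```

On the constructed log the baseline averages four requests a minute, the threshold lands at seven, and the thirteenth minute is reported with 300 requests spread evenly over 30 addresses, which is the distributed shape the article describes. A production version would keep the baseline per hour of day and per endpoint, since normal traffic is not flat.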
Eavesdropping Attacks
Eavesdropping attacks consist of “snooping” or “sniffing” unsecured network communications. This allows bad guys to steal information being sent and received on the computers and other devices on the unsecured network. This allows them to glean sensitive financial and business-related information, which they can sell for financial gain.
There are multiple types of eavesdropping attacks. These include passive sniffing and active sniffing.
Passive Sniffing
Passive sniffing sends no packets. It simply captures and monitors the packets flowing through the network.
Passive sniffing allows attackers that succeed in compromising the physical security of a targeted network to simply walk into an organization with their laptop, plug into the network and begin capturing possibly sensitive information.
Many Trojan horses have built-in packet-capture features. A bad actor who compromises a victim’s machine with such a trojan can install a packet sniffer and begin sniffing from inside the network.
Active Sniffing
Active sniffing searches for traffic on a switched network by actively injecting traffic into the LAN. This sniffing method sees the attacker directly interacting with a targeted network by sending packets and receiving responses. The sniffing is carried out through switches.
ARP spoofing, MAC flooding, HTTPS and SSH spoofing, and DNS spoofing are just some of these types of attacks.
Avoiding Eavesdropping Attacks
Keep your networks secure. Keep them updated to the latest available software versions. Simple, no?
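Of the active sniffing techniques listed above, ARP spoofing leaves the clearest trace on the wire: the gateway’s IP address suddenly answers from a new MAC, and that MAC then also answers for other hosts. The following Python is an added example, not code from this article or from Pixel Privacy. It assumes a gateway address and a constructed sequence of observed ARP replies (time, sender IP, sender MAC), maintains the IP-to-MAC table a tool such as a switch or host would hold, and raises alerts when a mapping changes (HIGH for the gateway) and when one MAC claims both the gateway and another host.

```python
# Assumed for this example: the local gateway address. A real deployment would take it
# from the routing table and seed the static table from the switch's known MACs.
GATEWAY_IP = "192.168.1.1"


def sample_arp_observations():
    """Constructed ARP replies seen on the wire as (seconds, sender IP, sender MAC).
    The final two entries model a host announcing itself as the gateway and then also
    as another client: the pattern of ARP spoofing for a man-in-the-middle."""
    return [
        (0, "192.168.1.1", "aa:bb:cc:00:00:01"),
        (1, "192.168.1.20", "aa:bb:cc:00:00:20"),
        (2, "192.168.1.21", "aa:bb:cc:00:00:21"),
        (30, "192.168.1.1", "aa:bb:cc:00:00:01"),
        (61, "192.168.1.1", "DE:AD:BE:EF:00:99"),
        (62, "192.168.1.20", "de:ad:be:ef:00:99"),
    ]


class ArpWatch:
    """Keep an IP-to-MAC table from observed ARP replies and raise alerts on changes."""

    def __init__(self, gateway_ip, static=None):
        self.gateway_ip = gateway_ip
        # Seed with known static mappings (ip -> mac), if any.
        self.table = {ip: mac.lower() for ip, mac in (static or {}).items()}
        self.alerts = []
        self._reported_macs = set()

    def observe(self, when, ip, mac):
        mac = mac.lower()
        previous = self.table.get(ip)
        if previous is None:
            self.table[ip] = mac
        elif previous != mac:
            severity = "HIGH" if ip == self.gateway_ip else "MEDIUM"
            self.alerts.append((when, severity, f"{ip} moved from {previous} to {mac}"))
            self.table[ip] = mac
        # One MAC answering for the gateway and for other hosts is the classic MITM signature.
        claimed = sorted(i for i, m in self.table.items() if m == mac)
        if self.gateway_ip in claimed and len(claimed) > 1 and mac not in self._reported_macs:
            self._reported_macs.add(mac)
            self.alerts.append((when, "HIGH", f"{mac} answers for the gateway and for {claimed}"))

    def feed(self, observations):
        for when, ip, mac in observations:
            self.observe(when, ip, mac)
        return self.alerts


def run_sample():
    """Run the watcher over the constructed observations and return its alerts."""
    return ArpWatch(GATEWAY_IP).feed(sample_arp_observations())


if __name__ == "__main__":
    for when, severity, message in run_sample():
        print(f"t={when:>3}s {severity:6} {message}")
```

On the constructed data the watcher stays quiet for the first minute, then raises a HIGH alert when the gateway moves to a new MAC, a MEDIUM alert when a client address moves too, and a second HIGH alert once that MAC is seen answering for both. Seeding the table with static entries for the gateway makes the first alert fire on the very first spoofed reply rather than after a learned mapping changes.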
Poke the Bear FAQ
Am I Poking the Bear When I Use Unsecured Public WiFi Hotspots?
If you're using an unsecured public WiFi hotspot, you are in a way, poking the bear. It's like not looking both ways before crossing a busy street. You're taking the chance you won't be run over. If you use an unsecured WiFi hotspot, you're daring bad guys to monitor your online activities. This leaves you open to various types of attacks, such as fake WiFi connections, man-in-the-middle attacks, packet sniffing, and more. By using a VPN, you can avoid poking the bear, while keeping your online activities undercover.
Are There Other Ways to "Poke the Bear"?
Yes, if you're not protecting yourself while online, you are poking the bear (also known as "F#@k Around and Find Out"). If you visit dangerous websites, torrent files, or download files from questionable sites, you are poking the Bear. Use a VPN when online: this not only hides your online activities from hackers and other nosy types, but many VPNs also offer blocking of nefarious websites, possibly dangerous ads, tracking cookies, and more.
In Closing
When you poke the bear (or tiger or dragon) you run the risk of being attacked. This is especially true in the cyber world we all visit every day.
When conducting business online, even when you’re simply looking for entertainment or other online pastimes, protect yourself by being aware of the attacks that wait for you in the darker corners of the internet. Keep your devices updated and protect yourself by avoiding insecure activities like connecting to a public WiFi hotspot. If you must connect to a hotspot, protect yourself by using a VPN and by using your common sense.