There are many cyber threats out there. Usually, they’re motivated by money or political gain, but it can also be simple mischief. However, motivation is of little significance when your business is under attack. What matters most is containing the damage and preventing the next attack. As businesses are growing increasingly dependent on wireless and cellular connectivity, while data privacy regulations are mounting, preventing attacks is simply more cost-effective than recovering from them. One of the oldest and most prevalent types of attacks is snooping, or their evolved version – Man-in-the-middle (MiTM) attacks. MiTM attacks leave our data, devices, and lives open to exploitation. This is increasingly critical in today’s world as more and more devices come online. What are Man-in-the-Middle attacks? Everything from our doorbells to our cars is connected and susceptible to MiTM attacks. Imagine someone suddenly taking control of your car while you are driving. Or someone tracking your location to ensure your home is empty when they break in to rob it while transmitting false data to your home security system. On a larger scale, significant segments of the infrastructure that we rely on as a society today are also connected to the internet. This means that critical services like transportation, energy, and hospitals are at risk from malicious MiTM attacks that can cause disruption with catastrophic results. In a MiTM attack, a signal between two parties is intercepted (the “man-in-the-middle”) and replaced with another, fraudulent signal. MiTM attacks are nothing new. They have been around in some form or another for a . Technology has changed but the general principle remains. long time A classic example of this is the . During air raids, allied forces mimicked the broadcasts from German radio transmitters. Aspidistra Intrusion Operation from World War 2 They would wait until the signal was turned off and then would broadcast their own content on the same frequency (often pro-allied propaganda or other fake content that was meant to demoralize the Germans). Because they were able to do this without being detected, it seemed as though these broadcasts were coming from official sources. Modern-day MiTM attacks are not much different. Hackers intercept the signals we send out with our phones or over the internet. They then piggyback on the existing connection to retrieve information and insert their own commands while masquerading as the legitimate user. Why is defending against MITM attacks so challenging? Just like they were in World War 2, . Except that this time something is different and they have no way of knowing. modern MiTM attacks are designed to be covert and transparent. Users are tricked into thinking that everything is no different than it was the last time That’s what makes MiTM attacks so dangerous. End users can go about their business for days or even weeks without noticing that something is wrong. During that time, it’s almost impossible to know what data could be exposed–passwords, account data, business email access and more. Detecting MiTM attacks is virtually impossible and often requires advanced knowledge of internet or mobile communication protocol and security practices. MITM attack vectors Perhaps the biggest challenge with MiTM attacks is that they . This means anything connected to WiFi, cellular networks, and even Bluetooth is vulnerable to attacks. aren’t limited to a single point of failure or communication protocol. They can affect any kind of signal being broadcast Let’s take a closer look at how these attacks work. LAN / WiFi – WiFi networks, especially open public WiFi networks, are common places for MiTM attacks to occur as they’re often not very secure (to say the least). . They can make it think it’s connected to an open connection (although it’s not) or you can be fooled into visiting a fake website that looks like the one you wanted but isn’t. When these attacks happen over WiFi, hackers intercept communications and trick your computer There are a few ways hackers can set up a MiTM attack over WiFi. Hackers can create fake access points that look and act like real ones that unsuspecting end users log into. can be picked up from Amazon to monitor packets being sent to and from computers. Sniffers can be used to inject malicious packets into the communications, giving them the ability to redirect traffic or alter messages. A notable recent example was a group of Russian hackers APT 29 (also known as Fancy Bear) that used a to attempt to hack into the network of the office of the Organisation for the Prohibition of Chemical Weapons (OPCW) at The Hague. Cheap packet sniffers Wi-Fi spoofing device – Attacks on Bluetooth technology put nearly every aspect of our lives at risk. Bluetooth Bluetooth is being used just about everywhere these days. It’s in our speakers, phones, computers, and even our cars. in Bluetooth called Key Negotiation of Bluetooth (KNOB) makes MiTM attacks easy for hackers. A recently discovered exploit Bluetooth allows users to choose the level of encryption they want to use, anywhere from a 1-byte key up to a 16-byte key, with 1 being the easiest to crack and 16 being virtually impossible. KNOB intercepts the encryption signal and forces it to change from a 16-byte key down to a 1-byte key. Once this happens it’s possible for malicious hackers to launch a to gain access to the device. Though this type of attack has yet to gain popularity with most hackers, there’s no doubt that elite hacker groups are experimenting with it. brute force attack – With cellular-connected devices, MiTM attacks with devices like . The thing that makes these attacks . These . The reality is that the spoofing device allows the attacker to monitor all texts and phone calls your phone is making. Stingray devices and cellular MiTM attacks are a popular tool in the hands of government-supported hacker groups and covert espionage operations. Cellular spoof cell towers Stingrays particularly notable is that they rely on a technology that is also used by law enforcement in some jurisdictions fake base station simulators essentially dupe mobile devices into thinking that they’re connected to a real cell tower In February 2020, that Russian forces may be using IMSI-catchers to broadcast SMS messages with pro-Russian propaganda. This is not the first time, either. Similar reports of fake cell towers as part of Russian cyber-warfare tactics . Ukrainian cyberwarfare experts reported have been circulating since 2017 Preventing MiTM attacks – a layered approach Considering the sheer volume of information that can be found on connected devices, especially those used for work as part of a bring your own device policy, or those connected to critical infrastructure platforms, preventing MiTM attacks is critical. There are four key components to an efficient MiTM attack prevention strategy: – is responsible for a of cyberattacks like MiTM attacks. People . To avoid this, education is critical, especially in business. Ensuring that employees know the basic principles of preventing cyber attacks in general, and MiTM attack in specific can save a lot of time and money. Simple things like instructing employees to avoid public wifi networks or can go a long way in preventing these attacks. Awareness & Education Human error high percentage unknowingly click a bad link or use their login data on a compromised site, giving hackers access to all their data teaching people what a phishing email looks like Holding regular security sessions to keep staff up to date on issues and requiring frequent password changes are just a few of the easy steps that you can take to stay safe from MiTM attacks. – from MiTM attacks. create a secure and encrypted channel for data that is transmitted over the internet from a device or a network. Encryption & VPNs Using encryption on all devices that contain valuable information and using virtual private networks (VPNs) when connecting to public networks adds an extra layer of protection VPNs Used for many years, VPNs for remote workers act as protected pipelines for all data that passes through them, making them highly effective against MiTM attacks. – One of the ways MiTM hackers gain access to systems is by . Firmware & Software Update Policy exploiting outdated software and firmware on the system Having a policy in place that keeps these updated at all times helps seal potential points of MiTM access. have all the current security patches for known problems and make it harder for hackers to gain access. The same should be done for routers, IoT devices, and other hardware and software connected to your network. Up-to-date systems Even a single point of failure can put your entire network at risk. like a connected lightbulb with an outdated firmware version – Keeping cellular-connected devices secure can be a challenge, especially with the sheer amount of change that happens in the industry regularly. Cellular Connection Security , being able to protect against threats like and Stingray devices is critical. Using reduces the risk across an entire organization by providing complete coverage for all connected devices, no matter what cellular network they connect to or where. With 5G technology gaining wider adoption Torpedo attacks IMSI catcher protection How does cellular network-level protection work? Be proactive, rather than reactive The key to preventing MiTM attacks is to make sure that you have a comprehensive plan in place to seal off as many of the possible weak points as you can. Staying ahead of an attack with a mix of education and proactive security policies can help ensure that your organization doesn’t have to deal with the fallout from an attack. This is essential in an age where even small data breaches come with huge fines of (bigger breaches are up to €20 million) – something that a lot of companies would struggle to recover from. Having a “wait and see” approach doesn’t work when your business goes under. upwards of €10 million Previously published at https://www.firstpoint-mg.com/blog/how-to-prevent-man-in-the-middle-attacks/
