Modern technologies such as Wi-Fi networks have created enormous convenience for businesses. The ability to connect computers and other assets to a network without having to run data cabling to every workstation simplifies setting up new workers and workstations. However, Wi-Fi access points have also created a new avenue for cyberattacks against corporate networks.
Attackers who can get physically close enough to your company’s Wi-Fi routers can use them to get onto your network—compromising your cybersecurity. Worse yet, “close enough” may be as far from your office as the building’s parking lot, depending on the equipment involved. Savvy attackers have been known to get around the protections on network devices using man in the middle attacks (sometimes abbreviated as MITM attacks).
What are man in the middle attacks, how do they work, and how can your business manage these cyber threats?
The term “man in the middle attack” refers to a type of cyberattack where the attacker intercepts communications made by an organization’s users. As noted by Computer Weekly, man in the middle attacks can occur “at the Intranet and Internet levels,” and are one of the most dangerous cyberattack types because “you may not even realize that you are affected since the attack is more or less passive in nature.”
A common strategy for this kind of cyberattack is for the attacker to spoof Address Resolution Protocol (ARP) messages on a given network, so that devices associate the attacker's hardware address with another device's IP address. Once the spoofed ARP entries are in place, the attacker uses them to pass all of the communications between users and the access point through the attacker's own machine. Then, they can simply sit back and collect data passively until they have everything they want.
The alternative MITM attack method—the “internet” attack—hijacks communications between users and an unsecured version of a website that lacks Secure Sockets Layer (SSL) or a similar protection method (or during the transition from an unsecured version of a site to the secure version). The attacker can then intercept all of the data that the victim shares with the website.
One of the most terrifying things about MITM attacks is that they can easily bypass many conventional network security measures. For example, many businesses use passwords for their wireless network access points. While this may keep an attacker from simply logging into the network directly, it won’t stop a man in the middle attack.
Why? Because, if the attacker poses as a network connection point and intercepts a legitimate user’s access attempt, they will capture all of the authentication data the user sends—including router passwords and authentication tokens. Or, if they manage to set up as an intermediary between the access point and the network’s users, they can just keep copying whatever data those users are attempting to process.
Some things you can do to thwart MITM attacks that hijack your Wi-Fi network include:
Online man in the middle attacks can be tricky to stop. A few mitigation strategies include:
Need help protecting your business against man in the middle attacks and other cyber threats? Contact the experts at Compuquip to learn more about how you can improve your threat management today!