Greig Schofield, Technical Manager at Netmetix, explores how Wi-Fi could expose your business – and your employees – to ‘Man in the Middle’ cybercrime.
Imagine you’d spent a fortune making your home physically secure, only to discover you’d been quietly robbed by thieves who never set foot on your property. You thought you’d built a fortress, but didn’t notice the gap in the fence that left you wide open to intruders. It’s every homeowner’s worst nightmare. But it’s also a real-world metaphor for many UK businesses who, despite being increasingly vulnerable, have left the door to cybercrime unwittingly ajar. With IT security now a corporate priority, organisations are investing heavily in sophisticated firewalls that make their systems virtually impenetrable. But many fail to spot the hole in their defences that leaves both the business and its employees dangerously exposed: Wi-Fi.
Flawed Wi-Fi practice, along with poor awareness of the tell-tale signs of cyber threats, can gift criminals surreptitious access to commercially sensitive business information. Moreover, it can inadvertently expose workers to the catastrophic risk of identity theft, phishing and other cyber scams. A high percentage of businesses believe that expansive security infrastructure makes them immune to the threat. However, many don’t realise that their Wi-Fi can negate their efforts to safeguard assets.
Welcome to the unsavoury world of the ‘Man in the Middle’ (MITM) attack. It’s a global epidemic with destructive implications. If you think it cannot happen in your workplace, think again. It can. But with the right organisational awareness and simple technology, it can easily be prevented.
Online crime is changing. Cyber criminals are moving on from targeting organisations and are instead focusing their attention on individual users. One of the easiest ways to do this is via ubiquitous technology that everyone uses: Wi-Fi. In our digital world, connectivity is King. Wireless access is no longer a luxury, it’s an expectation. And it’s an expectation that online opportunists are seeking to exploit.
Our hunger for connectivity – and our willingness to instinctively join a network if it satisfies our need for speed – has provided a stimulant for MITM attacks that largely thrive on Wi-Fi connections. One of the most common is Wi-Fi eavesdropping, where hackers unscrupulously intercept information that travels across wireless hotspots and use it for criminal gain. The approach takes advantage of cheap technology that allows hackers to set up ‘rogue’ access points – fake networks masquerading as legitimate Wi-Fi hotspots with familiar-looking names – then monitor keystrokes and steal personal information from anyone that connects to them. Since these rogue networks are unencrypted, all activity across them is open and visible.
The stealth-like interception of usernames and passwords can facilitate illegal access to online banking, credit card details or corporate permissions. A hacker may not use them instantly but could violate these accounts at any time.
Users are often concerned about confidential documentation stored on their devices. Hackers are rarely interested in this – they’re more focused on lateral movement from a victim’s email account. For example, access to your email allows them to activate password notifications from your PayPal account and monitor keystrokes as you nominate new log-in details. It’s scary stuff.
Global incidence of Wi-Fi eavesdropping is increasing. Hackers have snared numerous high-profile victims, breaching the wireless networks of brands like American Airlines, TalkTalk and Starbucks. The trend has even forced the FBI to warn users to evaluate their surroundings before jumping on a Wi-Fi network. These developments have reinforced a misconception that eavesdropping is limited to public Wi-Fi, fuelling a false sense of security that office-based networks are not susceptible to attack. This is wrong. Wi-Fi is as likely to be compromised in an office as it is in a shopping mall, a hotel lobby or an airport. A hacker with the appropriate technology could be sitting in the next room, the carpark outside or the building next door. They don’t discriminate between public and corporate Wi-Fi. Their goal is simply to lure unsuspecting users to their rogue networks and launch their attacks from there.
Protecting the workforce
Despite its rise, surprisingly few businesses have done enough to address the threat of Wi-Fi eavesdropping. Many believe that password encryption provides adequate protection. Unfortunately, it doesn’t. Encryption is only relevant when a user chooses a legitimate network – if they select a rogue hotspot, the Wireless Key protecting your network is never required.
Businesses are legally responsible for traffic that passes over their network. However, since rogue activity doesn’t actually touch their network, addressing the problem is complex. Employers have a duty of care to staff and must do all they can to ensure their networks are secure. But, given the challenges, how can they mitigate the risk of MITM attacks? A multi-layered approach that combines technology and education is required.
Perhaps the greatest emphasis should be placed on ensuring users understand the risks and recognise unusual behaviour. Although hackers are becoming more sophisticated, their modus operandi often follows familiar patterns that, if individuals are vigilant, should raise alarm bells. Here are some simple considerations:
#1: Get familiar with your company Wi-Fi
Signing up to a rogue hotspot typically requires unorthodox behaviour. Hackers will generally redirect you to a malicious, non-secure website that mimics a legitimate log-in page. That’s rogue behaviour. These pages are unencrypted: if you sign up, all your transactions become visible. So, familiarise yourself with your company’s Wi-Fi SOPs; know what happens and stop if anything appears out of the ordinary. Being redirected to a portal, particularly in an office environment, is generally a red flag event.
#2: Look out for the padlock
If you’re remote working and accessing public Wi-Fi, it’s not unusual to be redirected to a log-in portal. The majority aren’t malicious. Look out for a ‘padlock’ in the address bar – that’s normally the sign of a legitimate site.
#3: Know your network
Your device will constantly look for recognisable Wi-Fi networks you’ve previously used. Hackers will mimic these – setting up rogue hotspots with the same name in the hope you will connect. Be alert. If you’re surfing in Starbucks and are invited to join your corporate Wi-Fi, it’s most likely a hoax.
Technology can provide added protection against MITM attacks. Rogue Access Point Detection tools can help identify, ring-fence and lock out rogue hotspots. These solutions, which are run from legitimate access points, log and audit activity across your Wi-Fi network and can alert you to suspicious behaviours. They provide visibility and security. Additionally, some companies have introduced policies to ensure client machines can only connect to certain Wi-Fi networks, eliminating rogue risk. The most proactive have opted for ‘certificate-based authentication’ to assure users that their security is being effectively protected. Good examples of this can be seen on the High Street, where retail outlets are reassuring customers that they have ‘Wi-Fi Friendly’ certification. It’s an example that corporate organisations may be well advised to follow.
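The comparison at the heart of rogue access point detection can be sketched in a few lines. This is an added example, not code from Netmetix or from any detection product; the network name ExampleCorp, the BSSIDs, the Beacon structure and the scan results are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str      # network name as broadcast
    bssid: str     # radio MAC address of the access point
    security: str  # e.g. "OPEN", "WPA2-PSK", "WPA2-EAP"

# Assumed inventory of sanctioned access points (constructed values).
AUTHORIZED = {
    "ExampleCorp": {
        "security": "WPA2-EAP",
        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"},
    },
}

def _fold(ssid):
    """Collapse case, spacing and punctuation so look-alike names compare equal."""
    return re.sub(r"[^a-z0-9]", "", ssid.casefold())

def classify(beacon, authorized=AUTHORIZED):
    """Return the findings for one observed beacon (empty list = nothing to report)."""
    findings = []
    for ssid, policy in authorized.items():
        if beacon.ssid == ssid:
            if beacon.bssid.lower() not in policy["bssids"]:
                findings.append("unknown-bssid")      # our name, not our radio
            if beacon.security != policy["security"]:
                findings.append("security-mismatch")  # e.g. unencrypted copy
        elif _fold(beacon.ssid) == _fold(ssid):
            findings.append("lookalike-ssid")         # familiar-looking name
    return findings

def audit(scan, authorized=AUTHORIZED):
    """Map each suspicious beacon to its findings."""
    return {b: f for b in scan if (f := classify(b, authorized))}

# Constructed scan results, as a sanctioned access point might report them.
SCAN = [
    Beacon("ExampleCorp", "02:00:00:aa:00:01", "WPA2-EAP"),   # sanctioned
    Beacon("ExampleCorp", "02:00:00:bb:00:99", "OPEN"),       # same name, unknown radio
    Beacon("Example-Corp", "02:00:00:cc:00:07", "WPA2-PSK"),  # look-alike name
    Beacon("CoffeeShop", "02:00:00:dd:00:03", "OPEN"),        # unrelated neighbour
]

if __name__ == "__main__":
    for beacon, findings in audit(SCAN).items():
        print(beacon.ssid, beacon.bssid, findings)
```

A BSSID that matches the inventory is not proof of legitimacy, because radio addresses can be copied; that is the gap certificate-based authentication closes.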
In an age where mobility and connectivity have become crucial to global communication, Wi-Fi is an essential component of the digital workplace. Users expect it. But they also expect that their online communications are secure from the threat of MITM attack. It’s everyone’s responsibility to ensure that they are.
Let’s fix the fence.