The time is 12:53pm. You just got to your favourite coffee place to seal the deal with an exciting prospective client. Suddenly you remember that there’s a document on your company server that you need to quickly go through before your prospective client arrives. You turn on the Wi-Fi on your mobile device and bingo, the magic words “Coffee-Place-Free-Wifi” appear. You logon without hesitation, quickly go through the document and it enriches your impending pitch as hoped. “This is what modern business and technology is about”, you think to yourself.
The above is a seemingly harmless everyday activity in today’s business world. Internet access is critical for on-the-go professionals, so the convenience of open Wi-Fi hotspots often outweighs the risk that these connections may pose. However to the contrary, hackers create spoofed (fake) hotspots with legitimate looking names to lure unsuspecting users particularly with the promise of “free Wi-Fi”. Once the user tries to connect to the server, the hacker uses his control over the hotspot to attack the user.
Man-in-The-Middle (MiTM) attacks as their non-affectionately known, are when an attacker secretly sits between two parties who think they are directly communicating in order to secretly eavesdrop or modify traffic traveling between the two. Attackers might use MitM attacks to steal login credentials, personal information, sabotage communications or corrupt data. While most mobile attacks require some level of interaction with the user, Man-in-The-Middle (MiTM) attacks can achieve their goal without the user ever knowing they occurred. It is important to note that MiTM attacks can also take place on legitimate Wi-Fi hotspots.
Once the hacker gains control over a device on a hotspot, they can initiate malicious activities, including installing malware on the device. The fact that all of this is still possible even if the communication is encrypted is why MiTM is such a concern. Furthermore, even if your mobile device detects the malicious activity, the alerts on your computer are far more prominent than the ones on your mobile device, which can be easily overlooked. Smaller screen devices also tend to obscure the full web addresses that we connect to further increasing the likelihood that you’ll miss any suspicious activity.
The first step in combating MiTM is establishing a strict security posture that adequately educates employees about the dangers of MiTM and other forms of cybersecurity threat. This should include equipping them and their devices with the right solution to maintain that security posture. A solution that detects rogue hotspots and malicious network behaviour through behavioural analysis is the second step in ensuring security. Behavioural analysis uses machine learning, artificial intelligence, big data, and analytics to identify malicious behaviour by analysing differences in normal, everyday activities. Malicious attacks have one thing in common – they all behave differently than normal everyday behaviour within a system or network.
Once detected, the next step would be to automatically disable suspicious networks to keep devices and your data safe. You can defend your device even further by using a solution capable of validating the integrity of secure connections to detect compromises.
The following features are crucial to any MiTM prevention solution:
- Use behavioural analysis to detect rogue hotspots and malicious network behaviour.
- Automatically disable suspicious networks to keep devices and your data safe.
- Validate the integrity of secure connections to detect compromises.
- Use a cloud-based honeypot to attract and identify attackers.
- Use on-device remediation to trigger dynamically a secure VPN that protects the privacy and integrity of your communications.
A solution that encompasses all of the above is critical to not falling victim to MiTM. Check Point Software Technologies Ltd. is a leading provider of cyber security solutions and recently named a Leader in the 2021 Gartner Magic Quadrant for Network Firewalls. Its solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks.
About DataGroutIT
DataGroupIT is Africa’s leading Value-Added Distributor (VAD). By partnering with the best selection of established and emerging technology vendors across the globe, we, provide complex solutions for any size business, including Enterprise and SME markets across the African continent.
Our product portfolio offers comprehensive solutions for IT Security, Infrastructure and Enterprise Software.
We are fully committed to our business partners. Channels & vendors success is our #1 mission. Our professional teams across Africa deliver exceptional sales, presale, logistic, marketing and financial support that create the ultimate platform to accelerate our business partners’ success.
Contact Us today to find out more