Inadequately secured mobile devices are leaving themselves open to a variety of hidden attacks and even though Apple has implemented cryptography to make sure it can’t be penetrated there are still ways to install malware on an iOS device. And as everyone knows the situation with Android is even worse with devices being born with malware.
SO, WHAT CAN YOU DO?
Get smart, educate yourself on the different types of attacks and then educate your employees.
WHAT IS A MAN-IN-THE-MIDDLE ATTACK?
Search online for man in the middle attacks and you’ll find many resources showing you exactly how to create one, our very own Neil Van Rooyen can set one up in a matter of minutes. With the right software and some patience anyone could gain access to your device and more importantly your business data.
A Man-in-the-Middle attack happens when a communication between two systems is intercepted by a third party.
Basically, imagine a hacker sitting between you and a website who’s intercepting all your activity and capturing any data you input.
One of the most publicised attacks happened in Belgium in 2015, where hackers targeted financial institutions with spear-phishing emails with attached malware-laced Word documents, the download of which enabled a backdoor so the attackers could log keystrokes, spy on the victim’s screen, steal data, and download malware. They managed to steal 1.8 billion Roubles (£16 million) in a period of six months.
This impressive display of hacking prowess is a prime example of a man-in-the-middle attack, and it could easily happen to you.
WHAT ELSE ARE YOU AT RISK FROM?
There are various methods of attack, most of which can be found or purchased online. Here are some of the most common types of attacks that you need to be aware of:
This works by an attacker sending a “legitimate” looking email/text message/social media message usually pretending to be from a bank or official entity. The email includes a link to an “official” website that is actually a fake site operated by the attacker.
Once the user visits the fake site, they may be asked to enter account information such as usernames, passwords, credit card details, etc. The victim may also be exposed to malware hidden on the fake site. Taking advantage of a variety of vulnerabilities in the browser, the attacker may be able to install a Trojan Horse on the user’s computer. If done correctly, the attack can capture sensitive information without the victim even knowing that they have been compromised.
These are an extremely common type of attack which most people would ignore but as they become more sophisticated, the more organisations that are likely to be compromised.
As the cost of data increases people are trying to utilise Wi-Fi more and more, especially those “open” networks provided by many a coffee shop, but how do you know that the network you connected to is actually who is says it is?
Hackers can setup a Wi-Fi connection with a legitimate sounding name, wait for you to connect your device and hey presto they instantly have access to your device.
Once you log into a website and a connection between your computer and the website is established, hackers can hijack your session with the website through numerous means. One popular option they use is stealing your browser cookies, if a hacker got hold of your login cookies, they can easily access your accounts and steal your personal & business information.
HOW CAN YOU PROTECT YOUR BUSINESS?
As a business, there are a variety of steps you can do to protect your sensitive information, including:
- Implementing Mobile Threat Defence security protocols across all devices whether they are BYOD or COPE
- Ensure all cloud programs are protected by Adaptive Authentication
- Invest in secure Wi-Fi technology