Jul 10 2024 | by Muhammed Mobin
Alert! Your Wi-Fi Network Might Be Intercepted
A Wi-Fi connection has become an absolute necessity in the digital ecosystem that we live in. 
Having said that, security has become a top concern given the rising exposure of users to cyberattacks. In recent news, Wi-Fi connections have been shown to be prone to unwarranted network eavesdropping. Researchers have uncovered a new service set identifier (SSID) Confusion attack that targets all operating systems and Wi-Fi clients that use the WEP, WPA3, 802.1X/EAP, and AMPE protocols.
In this cyberattack, the threat actor deceives the user into believing he or she has connected to the intended network by mounting an adversary-in-the-middle (AiTM) attack. The user's credentials may be verified correctly, yet there is no assurance that the client has connected to the secure, intended network.
Execution of an AiTM attack
- Create a phishing site
The threat actor creates a fake website imitating the legitimate one to lure potential victims. The imitated platform may be a bank, an email service, or any other online service.
- Attract a suitable victim
Users are lured to the phishing website via compromised websites, text messages, or deceptive emails stressing the urgency of action.
- Bypass MFA
Through this attack, the threat actor obtains the user's credentials and logs into the legitimate website, bypassing two-factor authentication (2FA): the legitimate site's request for a code is relayed to the user through the fake session, and the code the user enters is relayed back.
- Take possession of the session
The threat actor then uses the captured session and the victim's credentials to carry out unauthorized transactions and illegitimate communication.
- Avoid detection during the hijacked session
During the entire session, the victim is tricked into believing he or she has logged into the legitimate website via a secure login, while the threat actor retrieves confidential details and takes steps to cover his or her tracks.
In this particular cyberattack, threat actors gain even more visibility into network traffic if the end users have their VPNs set to auto-disable on trusted networks. A vulnerable system is prone to leakage and abuse of sensitive information. Imagine system passwords, customer details, financial transactions, and other confidential data being leaked and exposed to public scrutiny. Not only does this lead to financial loss but also to serious reputational damage that might be irreversible.
Techniques and Tools Used in AiTM Attacks 
- Eavesdropping / Rogue Access Point
In this cyberattack, an unauthorized device operates on the network without the administrator's approval. These devices pose as legitimate public networks while monitoring traffic and stealing confidential information. The threat actors can observe and manipulate every communication passing through the rogue device. The threat actor then uses the victim's credentials for illegal transactions or monitors the victim's online activities.
- DNS spoofing
Threat actors manipulate traffic by tampering with domain name system (DNS) responses and direct the victims to their website instead of the intended, legitimate website. In the process, the victims are asked to carry out a particular action, such as a money transfer, while their data is stolen.
- ARP cache poisoning
In this attack, the threat actor tricks the victim's machine into treating the threat actor's computer as the network gateway. Once the traffic is diverted through it, the victim can be redirected to a malicious website instead of the real one.
- Session hijacking
A user's browsing session is taken advantage of in this cyberattack. Threat actors steal the victim's personal data and the session identifiers stored in his or her browser. The threat actor then uses the victim's cookie to log into the victim's account, but now from the threat actor's browser.
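ARP cache poisoning, listed above, leaves traces a defender can look for: the gateway's entry suddenly resolving to a different MAC address, or one MAC answering for several IP addresses. The following added example (not code from the original post or from Novigo Solutions) compares two constructed ARP table snapshots in `arp -n` / `ip neigh` style and reports both indicators; the IP and MAC values are made up for illustration.

```python
"""Detect ARP cache poisoning indicators by comparing ARP table snapshots."""
import re
from collections import defaultdict

# Matches the "<ip> <mac>" prefix of one ARP table line (constructed format)
ARP_LINE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)


def parse_arp_table(text):
    """Return {ip: mac} from an ARP table dump; MACs normalised to lowercase."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_arp_anomalies(before, after, gateway_ip):
    """Compare two snapshots and return a list of (kind, detail) findings.

    'gateway_mac_changed'     : the gateway IP now maps to a different MAC
    'mac_claims_multiple_ips' : one MAC answers for several IPs in `after`
    """
    findings = []
    old_gw, new_gw = before.get(gateway_ip), after.get(gateway_ip)
    if old_gw and new_gw and old_gw != new_gw:
        findings.append(("gateway_mac_changed", f"{gateway_ip}: {old_gw} -> {new_gw}"))
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", f"{mac}: {', '.join(sorted(ips))}"))
    return findings


# Constructed sample snapshots: in the second, the gateway's entry has been
# overwritten with the MAC of 192.168.1.50, the classic sign of a spoofing host.
SNAPSHOT_BEFORE = """\
192.168.1.1   aa:bb:cc:00:00:01
192.168.1.50  de:ad:be:ef:00:50
192.168.1.77  aa:bb:cc:00:00:77
"""
SNAPSHOT_AFTER = """\
192.168.1.1   de:ad:be:ef:00:50
192.168.1.50  de:ad:be:ef:00:50
192.168.1.77  aa:bb:cc:00:00:77
"""

if __name__ == "__main__":
    before, after = parse_arp_table(SNAPSHOT_BEFORE), parse_arp_table(SNAPSHOT_AFTER)
    for kind, detail in find_arp_anomalies(before, after, "192.168.1.1"):
        print(kind, detail)
```

Running the same comparison periodically against the real ARP table (or feeding it switch/DHCP logs) turns this into a simple alert; on a real network also allow for legitimate gateway failover before treating a MAC change as hostile.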
How does one mitigate AiTM cyberattacks?
Prevention and protection measures entail a combination of awareness, relevant processes, and technology. For a network to be secure, a four-way handshake needs to be established whereby every layer of communication has a proper network defense.
- Securing networks and limiting access
Through network segmentation and monitoring, along with restricting access to confidential information and private networks, misuse of user access can be limited or prevented.
- Encryption and authentication
By using strong authentication protocols and encrypting sensitive information, we can reduce the surface area available for downgrade attacks and similar threats.
- User awareness
Users can be made aware of phishing and other malicious attacks through training and certification programs. This helps solidify the first line of defense, mostly against social engineering and email attacks.
- Multi-factor authentication methods
Biometric authentication coupled with hardware-backed MFA methods can add an extra layer of protection that helps against AiTM attacks.
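Hardware-backed MFA resists the MFA bypass step described earlier because FIDO2/WebAuthn assertions are bound to the origin the browser actually talked to, so an assertion produced on a look-alike site fails at the real relying party. The following added example (not code from the original post or from Novigo Solutions) shows that server-side check in simplified form: it validates only the `clientDataJSON` fields and omits the signature verification a full WebAuthn verifier performs; the origins and challenge are constructed placeholders.

```python
"""Origin-bound MFA check: why a relayed WebAuthn assertion is rejected."""
import base64
import json

EXPECTED_ORIGIN = "https://bank.example"  # assumed relying-party origin (placeholder)


def b64url_decode(s):
    """Decode base64url without padding, as used in WebAuthn."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_client_data(origin, challenge):
    """Constructed clientDataJSON as a browser would emit for the given origin."""
    raw = json.dumps({"type": "webauthn.get", "challenge": challenge, "origin": origin})
    return base64.urlsafe_b64encode(raw.encode()).decode().rstrip("=")


def verify_client_data(client_data_b64, expected_challenge, expected_origin=EXPECTED_ORIGIN):
    """Return (ok, reason) for the clientDataJSON part of an assertion.

    The origin is written by the browser, not by the page, so a proxy site
    cannot make it claim to be the legitimate relying party.
    """
    data = json.loads(b64url_decode(client_data_b64))
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if data.get("challenge") != expected_challenge:
        return False, "challenge mismatch (stale or replayed)"
    if data.get("origin") != expected_origin:
        return False, f"origin mismatch: {data.get('origin')}"
    return True, "ok"


# Constructed challenge issued by the relying party for this login attempt.
CHALLENGE = base64.urlsafe_b64encode(b"constructed-random-challenge-32b").decode().rstrip("=")

if __name__ == "__main__":
    # Genuine login: browser is on the real origin.
    print(verify_client_data(make_client_data("https://bank.example", CHALLENGE), CHALLENGE))
    # Relayed login: the same challenge was forwarded, but the browser was on a
    # look-alike origin, so the relying party rejects the assertion.
    print(verify_client_data(make_client_data("https://bank-login.example", CHALLENGE), CHALLENGE))
```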
AiTM attacks are dangerous due to their unpredictable and flexible nature. Because threat actors are able to intercept network traffic, companies need to adopt a combination of controls to ensure their networks are secure. Companies must safeguard their assets through constant vigilance. Cybersecurity controls and measures, regular security audits, and vulnerability assessments are some of the steps companies can take to ensure cyberattacks are prevented and contained.
Novigo Solutions provides cybersecurity solutions proven to make a difference in your defense approach. Secure your systems while focusing on a threat-free environment suitable for enhanced business operations. 
Explore more on how you can use AI cyber defense to detect and respond to cyberattacks at machine speed here: https://www.novigosolutions.com/darktrace