Nine months into 2017, and we’ve already witnessed crippling ransomware attacks, WannaCry and Petya Not Petya continuereap extensive cyber damage on the international community.
While ransomware attacks (and social engineering) may be making headway at the moment, other lesser known, but equally damaging cyberattacks are still at bay. We are talking about chip-off, evil maid, and man-in-the-middle attacks. These three are especially dangerous given that the hacker can infiltrate your device without a trace.
Read on to learn what these attacks are and steps you and your employees can take to reduce the odds of success.
Unlike social engineering where hackers bait employees by leaving an infected USB on an empty chair or table, hackers involved in a chip-off attack will go in for the kill.
Once the targeted device is left unattended, hackers remove the device’s memory chip, copy it, replace it and, from the extracted data, take multiple guesses at the target’s password without the target knowing about the foul play.
After 10 guesses, the hacker can do this process over again, repeatedly swapping chips using advanced equipment.
How to Prevent This Attack
The best way to prevent a chip-off attack is to never leave technological devices unattended, especially in public spaces where it’s easier for hackers to blend in.
Need to order another latte at a café when clocking in a long workday? Bring the device with you or have a trusted individual watch your belongings while you wait in line.
Evil Maid Attack
Like the chip-off attack, evil maid attacks take advantage of unattended devices. These cyberattacks may be carried out in supposedly safe environments—such as a hotel room or office cubicle.
What happens is that the hacker will sneak into your hotel room or office cubicle after hours and install a keylogger that will track your keyboard strokes. Once you return from the event and log in to your computer, the keylogger will have saved your password. The hacker will return again and retrieve that information.
Hackers can make few as 1-2 trips or come back many times, depending on their motive. What hackers hope to gain from these exploits is to either steal and sell your login information and/or alter the software on the device. No matter what their goal is, it’s for personal gain.
How to Prevent This Attack
Normally, hotel rooms have a safe; use it. When meeting with co-workers or clients, or attending a conference, store your laptop and any other devices in there or take the devices with you to ensure no tampering occurs.
You can also use a safe along with a security system in the office and/or encourage employees to bring their work laptops home with them. (If choosing the latter, make sure employees are aware of work laptop policy and cyber hygiene steps they need to take so accidental insider breaches don’t occur.)
Also, consider encryption and anti-tampering systems to fortify your security, especially if the safe or security system is broken into.
In a man-in-the-middle attack, the hacker will weasel their way in a private online conversation between two parties. Unbeknownst to the victims, the attacker may impersonate one or both parties, causing chaos and hopefully gaining sensitive information.
Also called a session hijacking attack, this eavesdropping technique heavily targets online banking and e-commerce websites.
How to Prevent This Attack?
Never use a public WiFi; instead, consider using a virtual private network. Other software to employ includes intrusion detection system, dynamic host configuration protocol, and advanced address resolution protocol tools can help mitigate these attacks.
CBI Can Help Prevent Cyberattacks
CBI, a cyber security firm in Michigan, provides software and cyber assistance to boost your security arsenal. Contact CBI for more information.