Beware of the Monster in the Middle!
Monster in the middle, otherwise known as Man-in-the-Middle (MiTM), is a cyberattack frequently used by hackers. MiTM attacks are methods of eavesdropping on and manipulating communication between two parties. Perpetrators will interject themselves into a legitimate line of communication, unannounced, and alter the messages getting sent and received to achieve a specific goal.
Another way of describing this phenomenon in a more visual sense familiar to those of us who grew up in the “stone age” is the game of Telephone. Telephone involves attaching two Solo Cups with a fishing line to allow two parties to communicate through the cups. It works because the voice spoken into one end of the cup reverberates through the fishing line, audibly emerging at the other end. Now, imagine that another kid comes with their own cup and ties it to the middle of the already-established Telephone; they could listen and interject into your conversation – this is the epitome of a MiTM Attack.
Beware of the Hardware!
MiTM attacks can vary execution methods, but one such way is through a rogue device. In these hardware-based man in the middle attacks, the cyber-attacker needs to have physical access to a tangible asset. For instance, a Wi-Fi router, network server, or ATM, in order to attach the rogue device and begin their attack.
One specific MiTM attack that you should be aware of is the ‘ATM Black Box’ attack, which started making headlines in 2017 and continues to this day. The Black Box attack is a hardware-based MiTM attack that utilizes a direct connection to the ATM. Moreover, the Black Box is a rogue device that physically connects to the target ATM via USB ports. Lastly, the Black Box intercepts and alters the communication between the ATM PC and the cash dispenser, sending a message to the latter (seemingly from the former) instructing it to shoot out cash. Black Box attacks, or ATM Jackpotting attacks as they are also called, can be extremely devastating as the attack tool operates on Layer 1. Unfortunately, existing security solutions, such as NAC, IDS, EPS, and more, fail to cover Layer 1, the physical layer of the OSI model. As such, the rogue device goes undetected, leaving the ATM unprotected against Black Box attacks.
The frightening reality of this is how simple it can be for cybercriminals to carry out a Black Box attack. There is no need to know how to code or even deal with the time-consuming process of using brute force attacks to access the ATM. Rather, all that needs to be done is connect a rogue device and, presto, wads of cash come spewing out of the machine.
A 2021 report found that, in the first half of 2021, all but one logical attacks on ATMs were Black Box attacks. This caused losses of more than $500,000.
The Solution to the Extra Man Intrusion
With all this talk about hardware-based MiTM attacks and their ability to evade detection, one might wonder how to avoid becoming a victim. Sepio’s HAC-1 solution provides a panacea to such a challenge through Layer 1 visibility. HAC-1’s unparalleled visibility ensures complete asset visibility – no hardware device (IT/OT/IoT) goes undetected, including those covert Black Boxes. Furthermore, HAC-1 offers a rigorous policy enforcement mechanism that allows for comprehensive hardware access control; and the solution’s Rogue Device Mitigation capability instantly blocks any unauthorized or malicious hardware. Together, these features enable a Zero Trust Hardware Access approach that, in turn, stops Black Box attacks dead in their tracks.
