Hi, Eric here.
Being the Director of Business Development enables me to interact with many stakeholders within our industry on a daily basis. I use these interactions to promote our business, of course, but more importantly I gain a lot of knowledge about what’s happening in our space, what kinds of threats people are talking about, and how aware they are that cybersecurity should not be treated as “the thing that the IT and cyber people should worry about”.
These interactions over the last few months are what triggered the post you are reading here. It is important to understand that while cyber attacks on energy plants, the theft of 3 million credit card numbers, or a company forced to pay some amount in Bitcoin due to a ransomware attack get the headlines, most attacks that cause immediate financial damage occur outside the limelight, when companies of various sizes realize they have fallen victim to financial fraud carried out through a man in the middle scheme.
What man? Is this Cyberman? That’s a corny name for a supervillain…
Yes, they are villains, and they are using their cyber expertise, but they don’t target servers – they target people.
“Don’t mind me, I’m just listening”
In a nutshell, a “Man In The Middle” (MITM) attack begins when an attacker manages to place themselves inside a conversation or transaction taking place between two or more parties, unbeknownst to the parties involved.
In this position, they can gather information that enables them to execute an attack on one or more of the parties involved. That kind of information can be the direct route into the designated attack target – such as usernames and passwords exchanged during the conversations, or bank account numbers used for money transfers.
Another type of information gathered through this infiltration is tidbits of knowledge that enable the attacker to impersonate someone the future victim should trust – names of colleagues and family members, events the parties mentioned, political preferences or even specific jokes that were exchanged.
Depending on the situation, the attacker then conducts the next phase of the scheme. If the goal is to penetrate the defenses of the IT infrastructure and cause havoc or steal information, the attacker uses the information they gathered to gain access to the internal systems of the company and continue with their plans.
If, however, the attacker has already placed themselves between parties that are conducting financial transactions, they usually continue by targeting one side of the conversation, impersonating the other side, and carrying out their fraudulent plan.
“But I wired you the money last week!”
In the past few months, I’ve been getting a lot of inquiries from companies operating in different verticals, asking what can be done to prevent these events from occurring. Some of these inquiries come from companies that have been a victim of financial fraud, and during our conversation, when they describe what their hindsight investigation brought up, it is clear these were MITM attacks.
What is interesting to note from these conversations, and from other recent reports in the media, is that these companies suffered financial damage even though the fraudsters had not targeted them directly, but rather their customers, partners or other entities that conduct business with them.
In these situations, the money does not come out of the company’s “pocket”, but rather from the other party’s pocket. However, since the other party was led to believe they were paying the company, a very delicate situation arises: the company cannot blame the customer for being tricked, as this would hurt its relationship with the customer and depict the company itself as unable to protect its customers from fraud and as not taking responsibility for the fact that its procedures can be easily manipulated.
Who can we trust?
There are actually two elements that can work independently, but when combined they decrease the risk of financial fraud via a MITM attack.
First, and this is good advice for every situation involving digital communication and also the most obvious suggestion – always make sure you are cyber-protected from an infrastructure point of view. How this advice is applied differs according to many variables, but basically it means that you should implement a protective layer that makes it harder for potential attackers to penetrate your assets and your communications with the external world.
Second, and this is what we’re dealing with here at nsKnox – you should actually place a “man in the middle” – but it should be a gatekeeper, an entity which is trusted by all parties involved in the communications or transactions, and acts as the financial equivalent of a firewall.
This entity does not conduct the transaction itself, but it verifies that the parties involved in the transaction are indeed who they claim to be, and only then confirms to the paying party that it is OK to conclude the transaction.
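As an added illustration of the gatekeeper idea (example code written for this post, not nsKnox’s product or its API): the gate holds payee account details it has verified out of band and approves a payment only when the instruction the payer received matches them, so a switched account number in an intercepted invoice is rejected rather than paid. The registry entries and account numbers below are constructed sample values.

```python
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class VerifiedPayee:
    """A payee whose bank details the gatekeeper has confirmed out of band."""
    name: str
    account: str


@dataclass(frozen=True)
class PaymentRequest:
    """Payment instruction as the payer received it (e.g. from an invoice e-mail)."""
    payee_name: str
    account: str
    amount: float


def normalize(account: str) -> str:
    # Ignore spacing and case differences in account identifiers such as IBANs.
    return account.replace(" ", "").upper()


class Gatekeeper:
    """Trusted third party: never moves money, only says whether a payment may proceed."""

    def __init__(self, registry: Iterable[VerifiedPayee]):
        self._payees = {p.name.strip().lower(): p for p in registry}

    def decide(self, req: PaymentRequest) -> Tuple[bool, str]:
        known = self._payees.get(req.payee_name.strip().lower())
        if known is None:
            return False, "payee is not in the verified registry"
        if normalize(req.account) != normalize(known.account):
            # The classic MITM fraud: same payee name, different account number.
            return False, "account differs from the verified account for this payee"
        if req.amount <= 0:
            return False, "amount must be positive"
        return True, "payee and account match the verified registry"


# Constructed sample registry (hypothetical payee and account).
REGISTRY = [VerifiedPayee("Acme Ltd", "GB29 NWBK 6016 1331 9268 19")]
GATE = Gatekeeper(REGISTRY)


def check(payee_name: str, account: str, amount: float) -> Tuple[bool, str]:
    return GATE.decide(PaymentRequest(payee_name, account, amount))
```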
Financial institutions and financial departments in any organization should not be required to become cybersecurity experts or police investigators. In the same way banks have delegated the process of checking a customer’s credit score or financial resilience to companies that are extremely efficient at doing just that, the process of verifying that the other end of a transaction is who they claim to be should be delegated to companies that are experts at doing just that. This enables both payers and payees to focus on their business, not on their security.