It’s that time of year again… fake blood in hand, pumpkins at the ready, the magic of Halloween is upon us. To greet this particularly spooky holiday, we thought we’d investigate what truly sends us: data loss.

In our global network of corporate mobile devices, we can see users connecting to wireless hotspots all the time, 6% of which are unencrypted. Scary stuff. In fact, our research shows the average corporate device connects to 12 Wi-Fi hotspots a day, sometimes automatically – so there are infinite opportunities for the user to put themselves, and their data, at risk.
What’s so spooky about unencrypted WiFi hotspots? Let us explain.

Man-in-the-Middle attacks

A Man-in-the-Middle attack occurs when the communication between two systems is intercepted by a third party, aka a Man-in-the-Middle. This can happen in any form of online communication, such as email, web browsing, social media, etc.
Not only is the attacker trying to eavesdrop on private conversations, their end goal is often to target information inside the device. Once they gain access to the device, the damage they can do is endless; steal credentials, transfer data files, install Malware, or even spy on the user. Spooky.
Since Man-in-the-Middle attacks can succeed only when the attacker can impersonate each endpoint to the satisfaction of the other, the two crucial points in defending against attacks are authentication and encryption.

What’s so bad about unencrypted Wi-Fi?

There are reportedly over 384.4 million Wi-Fi networks across the globe, which is not far from the entire population of the United States. With so many options to chose from, how can you tell which networks are more vulnerable to attack?
In itself, a wireless access point (WAP) or wireless network connection isn’t inherently dangerous. It becomes so if it’s unsecured – allowing the movement of data across its airwaves without any form of protection.
Almost every coffee shop, bar, gym, etc. offers a service of open Wi-Fi connectivity to their customers with zero security, encryption or privacy. Users trade security for convenience and connect to the Wi-Fi hotspots to access private and confidential information, with little consideration of the implications.

Where are these attacks occurring at the moment?

Wandera’s threat intelligence team decided to look at Wi-Fi attacks across the top 30 business travel locations throughout this month, to find out which locations are currently breeding grounds for Man-in-the-Middle attacks. To do this, the team analyzed the prevalence of unique WiFi networks involved in a particular type of Man-in-the-Middle attack for each country. 
This allowed them to gain visibility over where these attacks and find out where the vulnerable Wi-Fi locations are located. The map displays the risk of a device being exposed to a spooky unencrypted Wi-Fi hotspot per country; with red color referring to the most ‘at risk’ and green to the least, but with attacks still occurring.
As you can see the attacks were widely spread across the globe, which is concerning for global enterprises with employees roaming abroad frequently to varied locations.

Tips to keep your corporate devices safe

1. Pick the best costume for your personal information

Halloween is all about the costumes so why not encourage employees to protect their personal information by disguising their data as well? Ensure that personal information is always encrypted through a secure network or website.
You can tell if a website is encrypted by looking for the https and lock symbol at the beginning of the URL. Be sure to look for this on any site asking you to sign in to avoid exposing your personal information.

2. Don’t accept treats from strangers

If your colleagues are using public Wi-Fi and they notice any suspicious behavior; popups asking for credentials, login pages that don’t look legitimate – ensure they don’t give away personal information that can be used against them.
A common technique for Man-in-the-Middle attackers is to mimic the look and feel of trusted websites. The idea is that you perform what you think is an innocent transaction with the bank, for example, while the Man-in-the-Middle commences a simultaneous sensitive transaction with the real banking site. Such as telling the bank that you just agreed to pay out money to him.
When the bank asks the Man-in-the-Middle a question he can’t answer, he asks you. You then tell him what he needs to know to carry out the rest of the transaction. Scary stuff.

3. Beware of the ‘Evil Twins’

An ‘Evil Twin’ hotspot is a Wi-Fi access point set up by a hacker. It is meant to mimic a legitimate hotspot provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its customers.
By imitating a legitimate hotspot and tricking users into connecting to it, a hacker or cybercriminal can then steal account names and passwords and redirect victims to malicious sites.
The attacker can also view the contents of files that the victim’s opens and transfers whilst they are connected to the ‘Evil Twin’ access point. The only effective defense against Evil Twins is server authentication, from 802.1X server validation to application server certificate verification.

4. Keep your candy under lock and key

Change the configuration settings so your devices don’t automatically connect to Wi-Fi by default; it only takes a short space of time for a lurking attacker to spot a new device to pounce on. Since Man-in-the-Middle attacks primarily use malware for execution, you should have a comprehensive security solution that provides visibility into Wi-Fi only attacks.
Wandera’s +WiFi module gives customers access to a unified view of data usage across cellular and Wi-Fi connections, allowing admins to keep tabs on employee activity taking place outside of mobile data. Behaviour anomalies on the network can be identified in seconds with this extended visibility and flagged to prevent data loss.
If you’d like more information on how to protect your devices from the monsters who can’t wait to get their hands on your corporate data this Halloween, get in contact with our team today.
[text-blocks id=”mobile-data-leak-report”]