March 26, 2019
A Man-in-the-Endpoint attack, also known as a MITE attack, is one in which a hacker compromises an endpoint of the communication session. Simply put, when the machine or device you use to access a network is compromised, the hacker uses that machine to carry out the MITE attack.
What is an endpoint?
An endpoint is a node that communicates with a network; in other words, a device or machine that interacts with a service or website. An endpoint can be a computer, tablet, smartphone, workstation or even a server.
Traditionally, endpoints used to be desktop computers or laptops. With the rapid increase in the use of mobile devices, this has changed. Today, most networks have a huge and diverse range of endpoints. Even if your organization has a closed network, the internal users may access it using smartphones, tablets and other devices.
For more mainstream services and websites like Gmail and Facebook, the endpoint landscape is even more diverse. Virtually any device or machine you use to access these services is an endpoint.
For network security, an endpoint is a vital factor. An endpoint is a doorway: the communication between a user and the network begins there. That doorway also offers hackers a potential point of entry, which is why they attempt to compromise endpoints.
Once the endpoint is compromised, a hacker can use it to hijack communication sessions, make fake transactions, steal user credentials and more.
A MITE attack is one of the many ways a compromised endpoint can be exploited. The alarming thing about a MITE attack is that it works even where two-factor authentication (2FA) or multi-factor authentication (MFA) is in place: the malware waits until you have completed the login, second factor included, and then abuses the authenticated session.
To prevent MITE attacks, it is important to first understand how MITE works and how the attack is executed.
How does MITE work?
MITE comes into play once an endpoint is compromised. This endpoint can be a tablet, smartphone, desktop, laptop, or any other user machine or device.
To carry out a MITE attack, the hacker first tries to infect the user's machine or device with malware. This is typically a Trojan installed on the user's endpoint, usually delivered through a malicious email or an infected website.
The Trojan communicates with the hacker through a command-and-control (C2) server. It captures the traffic between the user's endpoint and the target service, and because it runs on the endpoint itself it sees that traffic before the browser encrypts it with TLS, so HTTPS offers no protection here. The Trojan can also steal the login credentials you use for online services and websites. The details of this traffic, credentials and session tokens included, are sent back to the hacker.
With your login credentials and the session ID, the hacker can easily exploit a service you use. When you log into the service, the hacker launches a parallel session using the same credentials and session ID; to the service, both sessions look like you.
For instance, suppose you log into your bank account online. The hacker launches a parallel session in an incognito browser window and replicates funds transfers and other transactions, substituting different destination account numbers. Such transactions often appear legitimate to the bank because they come from an authenticated session, so the bank does not flag them.
For other services such as Gmail or Facebook, a hacker can also change the password and lock you out of your account using a MITE attack. This is why it is very important to safeguard yourself and your organization against MITE attacks.
Ways to prevent MITE attacks
A MITE attack focuses on infecting the user endpoint and then exploiting it. The best way to prevent it is to implement measures that secure the endpoint against known as well as unknown threats. The following best practices help achieve this.
Malware Prevention
This one goes without saying. Malware prevention is the number one way to avoid a MITE scenario. There are many ways to prevent infection. A quality quarantine mechanism, such as a good antivirus or endpoint protection product, can flag suspicious executable files and prevent them from running on your system.
When implementing malware prevention, make sure it covers all files, including those you receive via email, access through the cloud, or sync from other users and machines.
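A minimal illustration of the kind of screening described above, added here as an example rather than taken from the original article or from any antivirus product: a Python screener for email attachments that compares the file extension with the file's leading magic bytes and flags executables disguised as documents, double extensions, and filenames that use the Unicode right-to-left override trick. The extension lists, the magic-byte table and the sample attachments are constructed for the example.

```python
# Attachment screener (example code): flag executables arriving under a document disguise.

# Extensions Windows runs directly. Assumption: tune this list for your environment.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "dll", "ps1"}

# Leading bytes that identify the real format regardless of the file name.
MAGIC = (
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),
)

# What the inside of a file with a given document extension should look like.
EXPECTED_KIND = {"pdf": "pdf", "docx": "zip", "xlsx": "zip", "pptx": "zip",
                 "doc": "ole2", "xls": "ole2"}

RTL_OVERRIDE = "\u202e"   # makes "photo<RLO>fdp.exe" render as "photoexe.pdf"


def sniff(data: bytes) -> str:
    """Identify the content format from its magic bytes, or 'unknown'."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def screen_attachment(filename: str, data: bytes) -> tuple:
    """Return ('quarantine', reason) or ('allow', reason) for one attachment."""
    if RTL_OVERRIDE in filename:
        return "quarantine", "right-to-left override character in filename"
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    if ext in EXEC_EXTENSIONS:          # covers plain .exe and doubles like .pdf.exe
        return "quarantine", f"executable extension .{ext}"
    if kind.endswith("executable"):     # executable content hiding behind a harmless name
        return "quarantine", f"{kind} content disguised as .{ext or '(no extension)'}"
    expected = EXPECTED_KIND.get(ext)
    if expected and kind != expected:   # document extension whose bytes say otherwise
        return "quarantine", f".{ext} should contain {expected}, found {kind}"
    return "allow", f".{ext or '(no extension)'} with {kind} content"


# Constructed sample attachments; only the leading bytes matter for sniffing.
SAMPLE_ATTACHMENTS = {
    "report.pdf": b"%PDF-1.7\n%constructed",
    "invoice.pdf.exe": b"MZ\x90\x00\x03",
    "statement.pdf": b"MZ\x90\x00\x03",            # PE executable renamed to .pdf
    "notes.txt": b"plain text body",
    "photo\u202efdp.exe": b"MZ\x90\x00\x03",       # right-to-left override disguise
    "macro.xls": b"%PDF-1.7",                      # extension/content mismatch
    "quarterly.docx": b"PK\x03\x04" + b"\x00" * 16,
}


def screen_all(attachments=None) -> dict:
    """Screen every attachment and return {name: (verdict, reason)}."""
    attachments = SAMPLE_ATTACHMENTS if attachments is None else attachments
    return {name: screen_attachment(name, data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, (verdict, reason) in screen_all().items():
        print(f"{verdict:10s} {name!r}: {reason}")
```

This catches the file-name tricks a phishing email relies on, but it is only a first gate: a macro-enabled document or a script inside an archive passes the magic-byte check, so the same screening must be applied after unpacking archives and alongside behavioural detection on the endpoint.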
Token Encryption
Once an endpoint is compromised, a hacker often harvests the session ID tokens from the captured traffic. Encrypting or signing session tokens adds an extra layer of security: a token that is encrypted and integrity-protected cannot be forged or tampered with, which reduces the chances of session manipulation. Note the limit of this measure: a stolen token that is still valid can simply be replayed, so pair token encryption with short token lifetimes, binding the token to the client that received it, and out-of-band confirmation of the details of sensitive transactions. Together these mitigate the damage even if the endpoint is compromised.
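The parallel-session abuse described in the previous section and the token protection discussed here, as one added worked example (not code from the original article): a Python sketch of an HMAC-signed session token carrying an expiry and a binding to the client that received it, followed by a detector that scans constructed access-log lines for a session ID used from two source IPs within a short window, which is what the hacker's incognito-window session looks like from the server side. SERVER_KEY, client_fingerprint, the token layout, the log format and all sample values are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Hypothetical server-side signing key; a real deployment loads it from a secret store.
SERVER_KEY = b"demo-key-not-for-production"


def client_fingerprint(ip: str, user_agent: str) -> str:
    """Hypothetical binding value built from attributes the server sees on every request."""
    return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()[:16]


def _sign(payload: bytes) -> str:
    return hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()


def issue_token(user: str, fingerprint: str, now: int, ttl: int = 900) -> str:
    """Issue 'base64(payload).hmac'; payload carries user, client binding and expiry."""
    payload = json.dumps({"u": user, "fp": fingerprint, "exp": now + ttl}).encode()
    return f"{base64.urlsafe_b64encode(payload).decode()}.{_sign(payload)}"


def verify_token(token: str, fingerprint: str, now: int) -> Optional[str]:
    """Return the user if signature, expiry and client binding all hold, otherwise None."""
    try:
        body, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(body)
    except ValueError:                     # malformed token (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(_sign(payload), sig):
        return None                        # forged or tampered token
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None                        # expired: bounds how long a stolen token is useful
    if not hmac.compare_digest(claims["fp"], fingerprint):
        return None                        # valid token replayed from a different client
    return claims["u"]


LOG_RE = re.compile(r"^(?P<ts>\d+) sid=(?P<sid>\S+) ip=(?P<ip>\S+)")

# Constructed access-log lines: epoch timestamp, session ID, source IP, path.
SAMPLE_LOG = [
    "1553594400 sid=s1 ip=203.0.113.5 path=/login",
    "1553594430 sid=s1 ip=203.0.113.5 path=/accounts",
    "1553594470 sid=s1 ip=198.51.100.77 path=/transfer",  # same session, different network
    "1553594500 sid=s2 ip=192.0.2.9 path=/inbox",
    "1553602000 sid=s2 ip=192.0.2.10 path=/inbox",        # hours later: roaming, not parallel use
]


def find_parallel_sessions(log_lines: List[str], window: int = 300) -> Dict[str, List[str]]:
    """Map session ID -> source IPs for sessions used from >1 IP within `window` seconds."""
    events = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if m:
            events[m["sid"]].append((int(m["ts"]), m["ip"]))
    flagged: Dict[str, set] = {}
    for sid, hits in events.items():
        hits.sort()
        for i, (t1, ip1) in enumerate(hits):
            for t2, ip2 in hits[i + 1:]:
                if t2 - t1 > window:
                    break                  # sorted, so later hits are further apart still
                if ip1 != ip2:
                    flagged.setdefault(sid, set()).update((ip1, ip2))
    return {sid: sorted(ips) for sid, ips in flagged.items()}


def demo() -> dict:
    now = 1553594400
    victim_fp = client_fingerprint("203.0.113.5", "Firefox/66")
    attacker_fp = client_fingerprint("198.51.100.77", "Chrome/73")
    token = issue_token("alice", victim_fp, now)
    tampered = token[:-1] + ("0" if token[-1] != "0" else "1")   # flip last signature digit
    return {
        "victim": verify_token(token, victim_fp, now + 60),       # "alice"
        "replayed": verify_token(token, attacker_fp, now + 60),   # None: wrong client binding
        "expired": verify_token(token, victim_fp, now + 1000),    # None: past ttl
        "tampered": verify_token(tampered, victim_fp, now + 60),  # None: bad signature
        "parallel": find_parallel_sessions(SAMPLE_LOG),           # s1 used from two IPs
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The binding defeats the scenario in the article, where the hacker opens a parallel session from their own browser. It does not defeat a Trojan that relays its requests through the victim's own machine, since those requests carry the victim's fingerprint; that case is why short lifetimes and out-of-band confirmation of transaction details remain necessary, and why the log-side detector is worth running even when tokens are bound.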
Application Security Policy
Organizations use a large number of applications to work efficiently. Many of these applications have their own bugs and security flaws, and the same is true of the apps on user devices.
A good defense against MITE is a security policy that covers the vulnerabilities in these applications as well: keep an inventory of what is installed, patch promptly, and remove what is not needed. It is also a good idea to audit and analyze new applications thoroughly before approving their adoption by the organization.
VPNs
VPNs secure the communication between an endpoint and the main network or service, which protects against attackers on the network path and limits what an attacker outside the network can reach. Bear in mind what a VPN cannot do: a Trojan on the endpoint sees the traffic before it enters the tunnel, so a VPN on its own does not stop a MITE attack from a compromised endpoint. It complements endpoint security rather than replacing it. A variety of VPNs, such as ExpressVPN, are available on the market. To see how good ExpressVPN is, you can check out this detailed review.
MITE Awareness Training
Awareness is one of the most essential tools in defending against MITE attacks. If the users at your organization understand how MITE attacks work, they are in a better position to counter them. You can use MITE awareness training, with mock MITE attack scenarios such as simulated phishing emails, to educate users on the subject. Such training must also cover how to identify rogue links and avoid clicking on suspicious ones.