An FBI advisory in October 2020 issued a warning that there is an increased risk during the techno-pandemic of Man-in-the-Middle (MITM) attacks for teleworkers using hotels or other public Wi-Fi networks. They also gave a number of cybersecurity recommendations to protect your system.
MITM attacks can vary, targeting multiple vulnerabilities, and come from many sources. Hotel Wi-Fi systems are particularly vulnerable to Man-in-the-Middle cybercrime.
Public Wi-Fi networks are not secure. The hotel industry has no standards for secure Wi-Fi access.
Cybercriminals sometimes can crack encryption using fake certificates to pose as log-in portals, and bank or payment websites, in order to steal information. Passwords can be compromised on accounts and systems.
The FBI advisory includes signs that your system has been attacked, and recommends immediate action you should take.
Signs a device is compromised
- device pauses or slows suddenly
- website automatically redirects
- the cursor starts to move on its own
- the mobile device launches apps by itself
- increases in pop-up ads
- a sudden increase in data usage
- a sudden decrease in battery power
- unexplained outgoing calls, emails, or texts
Actions to take if you believe your device is compromised
- Do not forward any emails or files.
- Turn off Wi-Fi and Bluetooth and disconnect devices from all networks.
- Consult the IT department, if applicable.
- When you don’t have an IT department, consult a cybersecurity specialist.
- Report any cyber-attack or scam to the Internet Crime Complaint Center at IC3.gov.
MITM protection and cybersecurity recommendations
The FBI provides cybersecurity recommendations to protect consumers and entities from MITM attacks and ensure privacy. This begins with, “using a reputable VPN to protect your connections.” Teleworkers should use a Virtual Private Network (VPN) to encrypt network traffic in order to block cybercriminals.
Avoiding a Man-in-the-Middle (MITM) attack requires TLS or SSL endpoint authentication. The first step in cybersecurity is using an authentication key that can’t be spoofed. Authentication methods are better than ever, and it’s possible now to have end-to-end encryption on some systems.
Two-factor authentication methods should be used to enhance security against MITM attacks. Passwords can be compromised on accounts and systems.
Adding an additional factor, like a hardware key, or a software code makes your system more secure. It’s harder for attackers to break encryption or intercept traffic if two-factor encryption is used.
Make sure your computer’s operating system (OS) and software are up-to-date, and important data is backed up. Check to assure your “OS has a current, well-vetted security or antivirus application installed and running.”
Connect only through public Wi-Fi settings. And disconnect the auto-reconnect while on a hotel network.
Wherever possible, use your personal phone’s wireless hotspot instead of public or hotel Wi-Fi. Also, confirm a hotel official Wi-Fi network and the HTTPS connection by the lock icon to guard against spoofing.
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here