While phishing has historically been the most popular cyber attack, in recent months, packet sniffing has become more and more prominent across industries.
Packet sniffing can be a lot sneakier and much more intrusive than other cyber crimes, since it involves someone actually monitoring your network. You can think of it as a bug in your network looking around for personal information, from passwords to bank information to full names and addresses. Sniffing was originally created to monitor networks and keep them running smoothly, but criminals adapted them in recent years and their use is fast growing.
Two types of sniffing attacks: active and passive.
An active attack is a targeted attack when a hacker has information about two points on a network and can tailor the attack to that specific stream of traffic.
A passive attack is when a hacker finds his or her way into a hub on a local area network and hangs out there to see if any interesting traffic comes by. The hub is connected to many devices with an absolute buffet of information passing through.
This is exactly why it can be dangerous completing sensitive online tasks in public places like airports and coffee shops.
So how do we prevent them?
1. Implement a Virtual Private Network (VPN)
As noted above, passive attacks happen most frequently on public, unprotected wifi. In the world of hybrid and remote work, this is particularly relevant. Cyber criminals look for highly populated places where many people are accessing sensitive information, like coffee shops with multiple laptops and airports where many professionals are traveling.
The best way to mitigate this risk is to have everyone access your organization’s resources through a VPN. A VPN is like a tunnel into your corporate network that only allows credentialed individuals access, safeguarding against sniffing and other cyber attacks.
2. Consider Virtualization
Taking it a step further, virtualization is a great alternative to a VPN. Leveraging Remote Desktop Protocol (RDP), your users can remote into virtual machines while working on the go. This gives you an extra layer of security because when remoting into a virtual machine, you are not actually connecting to your company’s network. Instead, you are sending clicks and pixels across the network that would be undecipherable to an attacker attempting to sniff your network. In addition, if a virtual machine was to be compromised, it can quickly be destroyed and no data would be lost.
3. Always Use Secure Protocols
The simplest step you can take to mitigate risk is to always use secure protocols like HTTPS instead of HTTP, and SFTP instead of FTP. If you are stuck in a situation where you have to use an insecure protocol, have a policy to always encrypt data at rest and in-transit utilize encryption software.
4. Invest in a Network Monitor
With the rise of packet sniffing, there are now many tools and programs that prepare for and prevent this type of attack. You can easily place your own monitor on the network, allowing it to identify anyone attempting to sniff the network, either actively or passively.
Stay Agile and Prepared
The internet can feel like the wild west with new attacks popping up in every direction, but there are steps every organization of every size can take to mitigate their risk. Consider implementing a VPN or a virtualization solution to protect your network, always use secure protocols, and consider an investment in a network monitor of your own – but also keep in mind your budget and long term IT roadmap when making these investments.
Just taking small steps and building awareness can save you a lot of headache later on when it comes to attacks like packet sniffing.
