What is a Man-in-the-middle Attack (MitM)?
A man-in-the-middle attack requires three players. There’s the victim, the party with which the victim is trying to communicate, and the “man in the middle,” who’s intercepting the victim’s communications either to secretly eavesdrop or modify information traveling between the two. Critical to the scenario is that the victim isn’t aware of the man in the middle.
Man-in-the-middle attacks are commonly used to steal login credentials, files in transit or personal information, to spy on conversations or meetings, to sabotage communications, or to corrupt data.
How does a Man-in-the-middle Attack work?
MitM attacks are one of the oldest forms of cyber attack. Computer scientists have been looking at ways to stop threat actors tampering with or eavesdropping on communications since the early 1980s.
So how does it work? The attacker first needs a way to get between you and the party you are talking to. In the variant this article focuses on, the attacker builds a destination (for example a website) that looks like the real one you intend to visit, then lures you to it with an old-fashioned phone call or a phishing email that uses the name of someone known in your organisation and demands an immediate response (reset your password, make a payment). Whatever you type into the fake destination goes to the attacker, who can pass it on to the real site so that nothing looks wrong to you. The lure may also install a malicious agent on your machine; once installed, the agent silently listens, steals information, or manipulates data before it even leaves your computer. Other ways of getting into the middle, such as a rogue Wi-Fi hotspot or a poisoned DNS answer, are described in the types below.
Confused? Let me give you an example.
Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. You click on a link in the email and are taken to what appears to be your bank’s website, where you log in and perform the requested task.
In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate. (This attack also involves phishing: getting you to click on an email that appears to come from your bank.) The attacker also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. But when you do that, you’re not logging into your bank account; you’re handing over your credentials to the attacker, who can log in to the real bank with them while you see nothing unusual.
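The two things the definition above says a man in the middle does, read the traffic and rewrite it, reduced to a runnable simulation on the loopback interface. This is an added example and not code from the original article: the “bank”, its one-line PAY protocol, the user names and the relay are all constructed here. The victim connects to what it believes is the bank; with the relay in place the credentials are captured and the payment is redirected, yet the reply the victim sees is identical to the honest run. Everything travels as plaintext TCP, which is exactly the situation HTTPS is meant to prevent.

```python
import socket
import threading

HOST = "127.0.0.1"  # everything stays on loopback; no real network is involved


def _recv_line(conn):
    """Read one newline-terminated message from a socket."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = conn.recv(4096)
        if not chunk:
            break
        buf += chunk
    return buf


def run_bank(listener, log):
    """The legitimate endpoint: takes one 'PAY' request and executes it.
    Constructed toy protocol: PAY user=<u> pass=<p> to=<recipient> amount=<n>"""
    conn, _ = listener.accept()
    with conn:
        request = _recv_line(conn).decode()
        log["bank_received"] = request
        fields = dict(kv.split("=", 1) for kv in request.split()[1:])
        conn.sendall(f"OK paid {fields['amount']} to {fields['to']}\n".encode())


def run_relay(listener, bank_port, log):
    """The man in the middle: the victim connects here instead of to the bank.
    It reads the plaintext (eavesdrop), rewrites it (tamper) and forwards it."""
    victim, _ = listener.accept()
    with victim, socket.create_connection((HOST, bank_port)) as bank:
        request = _recv_line(victim)
        log["intercepted"] = request.decode()                   # credentials captured
        bank.sendall(request.replace(b"to=bob", b"to=mallory"))  # payment redirected
        reply = _recv_line(bank)
        # Undo the change in the reply so the victim sees what they expect.
        victim.sendall(reply.replace(b"to mallory", b"to bob"))


def _listener():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((HOST, 0))  # port 0: let the OS pick a free port
    sock.listen(1)
    return sock


def simulate(via_relay=True):
    """Run victim, bank and (optionally) the relay; return what each side saw."""
    log = {}
    bank_l = _listener()
    bank_port = bank_l.getsockname()[1]
    threads = [threading.Thread(target=run_bank, args=(bank_l, log))]
    target_port = bank_port
    relay_l = None
    if via_relay:
        relay_l = _listener()
        target_port = relay_l.getsockname()[1]
        threads.append(threading.Thread(target=run_relay, args=(relay_l, bank_port, log)))
    for t in threads:
        t.start()
    # The victim believes target_port is the bank; it has no way to tell.
    with socket.create_connection((HOST, target_port)) as victim:
        victim.sendall(b"PAY user=alice pass=hunter2 to=bob amount=50\n")
        log["victim_saw"] = _recv_line(victim).decode()
    for t in threads:
        t.join()
    bank_l.close()
    if relay_l:
        relay_l.close()
    return log


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key:14s} {value.strip()}")
```

Running it shows the bank receiving `to=mallory` while the victim reads `OK paid 50 to bob`; calling `simulate(via_relay=False)` gives the honest run, where the bank receives the original request and nothing is intercepted. The only difference from the victim's point of view is the port it connected to, which is why the defences later in this article concentrate on authenticating the other end (HTTPS with the right domain) rather than on spotting anything odd in the conversation.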
What are some types of Man-in-the-middle Attack?
Email Hijacking – attackers gain access to a user’s email account and watch transactions to and from the account. When the time is right, for instance when the user is exchanging funds with another party, the attacker takes advantage of the situation and attempts to intercept the funds by spoofing one or all members of the conversation.
Wi-Fi Eavesdropping – a passive way to deploy MITM attacks, Wi-Fi eavesdropping involves attackers setting up a public Wi-Fi hotspot, typically with an innocuous name such as that of a nearby café, and gaining access to their victims’ traffic as soon as they connect to the malicious Wi-Fi.
Session Hijacking – session hijacking is when an attacker gains access to an online session via a stolen session key or stolen browser cookies. The attacker presents the stolen cookie to the site and is treated as the logged-in user without ever needing the password.
DNS Spoofing – an attacker engages in DNS spoofing by altering a website’s address record in a Domain Name System (DNS) server or resolver cache, so that the legitimate name resolves to an address the attacker controls. A victim who types the correct address unknowingly visits the fake site, where the attacker attempts to steal their information.
IP Spoofing – similar in effect to DNS spoofing, IP spoofing sees an attacker divert traffic to a fraudulent destination with malicious intent. Instead of altering the website’s address record, the attacker forges the source IP (Internet Protocol) address in the packets they send, so that they appear to come from a trusted host.
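What separates a DNS reply a resolver should trust from a spoofed one comes down to a few fields in the packet. The following is an added example, not part of the original article or of any real resolver: it builds DNS messages with a minimal constructed wire-format encoder (the name `bank.example` and the addresses in the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges are made up), then applies the checks a resolver performs before it will cache an answer. It also shows the limit of those checks: an attacker who already sits on the path, such as the rogue Wi-Fi hotspot described above, sees the transaction ID and source port and passes all of them.

```python
import random
import struct


def encode_name(name):
    """Encode 'bank.example' as DNS labels: \\x04bank\\x07example\\x00."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return out + b"\x00"


def build_query(txid, name):
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)     # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # type A, class IN


def build_response(txid, name, ip):
    """One A record for `name`; the answer name is a compression pointer to offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA, one answer
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, len(rdata)) + rdata
    return header + question + answer


def _read_name(msg, off):
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = _read_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        off += 1
        if length == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode())
        off += length


def parse_response(msg):
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    qname, off = _read_name(msg, 12)
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    off += 4
    answers = []
    for _ in range(an):
        _name, off = _read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:
            answers.append(".".join(str(b) for b in rdata))
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "qname": qname, "qtype": qtype, "answers": answers}


class PendingQuery:
    """What a resolver remembers about a query it has sent out."""
    def __init__(self, name):
        self.name = name
        self.txid = random.randrange(1 << 16)            # 16-bit transaction ID
        self.src_port = random.randrange(1024, 1 << 16)  # randomised source port
        self.wire = build_query(self.txid, name)


def accept_reply(pending, reply, dst_port):
    """Return the answers only if the reply could plausibly be for `pending`:
    it must arrive on the port the query left from, carry the same transaction
    ID, and repeat the same question. Anything else is dropped as a forgery."""
    if dst_port != pending.src_port:
        return None
    r = parse_response(reply)
    if not r["is_response"] or r["txid"] != pending.txid:
        return None
    if r["qname"].lower() != pending.name.lower() or r["qtype"] != 1:
        return None
    return r["answers"]


def demo():
    q = PendingQuery("bank.example")  # constructed name
    legit = build_response(q.txid, "bank.example", "192.0.2.10")
    evil = "198.51.100.66"            # the attacker's look-alike server
    return {
        "legit": accept_reply(q, legit, q.src_port),
        "wrong_txid": accept_reply(q, build_response((q.txid + 1) & 0xFFFF, "bank.example", evil), q.src_port),
        "wrong_port": accept_reply(q, build_response(q.txid, "bank.example", evil), 53),
        # An on-path attacker who saw the query knows both values and wins:
        "on_path_forgery": accept_reply(q, build_response(q.txid, "bank.example", evil), q.src_port),
    }
```

The transaction ID and the randomised source port together give an off-path attacker roughly 32 bits to guess, which is why resolvers randomise both; an attacker who can see the query (on the same hotspot, or upstream) needs no guessing at all. Those checks only establish that a reply matches a question, not that it is true; only DNSSEC validation, or sending queries over an authenticated channel such as DNS over TLS or HTTPS to a resolver you trust, lets the client detect a forged record.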
How to help protect against a Man-in-the-middle Attack?
Though not as common as ransomware or phishing attacks, MitM attacks are an ever-present threat for organizations. IBM X-Force’s Threat Intelligence Index 2018 says that 35 percent of exploitation activity involved attackers attempting to conduct MitM attacks, but hard numbers are difficult to come by. So here are some tips on how to protect against a man-in-the-middle attack:
- Make sure the address bar shows “HTTPS” (with the S) and that the domain name is the one you expect. The padlock only tells you the connection to that site is encrypted; an attacker can obtain a perfectly valid certificate for a look-alike domain, so HTTPS on a phishing page proves nothing about who is behind it.
- Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser or call the other party to verify.
- Ensure the network you connect to (for example your Wi-Fi) is one you recognise and that it is secured. Make sure your home Wi-Fi network is secure: change all of the default usernames and passwords on your home router and all connected devices to strong, unique passwords.
- Avoid using public Wi-Fi for anything sensitive; if you must, use a VPN. A VPN encrypts your traffic between your device and the VPN provider, so an eavesdropper on the hotspot cannot read the private data you send and receive, such as passwords or credit card information.
- Since man-in-the-browser (MitB) variants, in which the malicious agent sits inside your browser, rely on malware, install a comprehensive internet security solution, such as Norton Security, on your computer and always keep it up to date.
- Ensure confidential files and information are password protected and encrypted, so that a copy taken in transit is useless to the attacker.
- Enable multi-factor authentication; it protects you when your password has already been stolen.
- Apply security patches promptly and make sure anti-malware solutions are running.
- Log out of secured sessions after use and clear your browser’s cookies and cache, so that a stolen session cookie stops working.
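The session-hijacking entry above and the last tip here are two sides of the same control: the session cookie must be hard to steal, and logging out must actually kill it on the server. The following is an added example, not code from the original article or from any particular framework: the two `Set-Cookie` headers are constructed, the audit uses only the standard library, and the in-memory `SessionStore` stands in for whatever session backend an application uses.

```python
import secrets
import time
from http.cookies import SimpleCookie

# Constructed headers: the first is how many applications still issue their
# session cookie, the second is the hardened form.
WEAK_SET_COOKIE = "session=abc123; Path=/"
STRONG_SET_COOKIE = "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"


def audit_set_cookie(header):
    """List the attributes a session cookie needs but this header lacks."""
    jar = SimpleCookie()
    jar.load(header)
    problems = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            problems.append(f"{name}: no Secure flag, so it is also sent over plain HTTP, "
                            "where a Wi-Fi eavesdropper can read it")
        if not morsel["httponly"]:
            problems.append(f"{name}: no HttpOnly flag, so script injected into the page can read it")
        if not morsel["samesite"]:
            problems.append(f"{name}: no SameSite attribute, so other sites can make the browser send it")
    return problems


class SessionStore:
    """Server-side sessions: unguessable IDs, an idle timeout, and real logout."""

    def __init__(self, idle_timeout=900, clock=None):
        self._clock = clock or time.monotonic  # injectable for testing
        self._idle_timeout = idle_timeout
        self._sessions = {}  # token -> [user, last_seen]

    def login(self, user):
        token = secrets.token_urlsafe(32)  # 256 random bits: cannot be guessed
        self._sessions[token] = [user, self._clock()]
        return token

    def user_for(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return None
        now = self._clock()
        if now - entry[1] > self._idle_timeout:  # stale token: treat as logged out
            del self._sessions[token]
            return None
        entry[1] = now
        return entry[0]

    def logout(self, token):
        # Forget the token on the server: a copy stolen earlier is now worthless.
        self._sessions.pop(token, None)

    def set_cookie_header(self, token):
        return f"session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for label, header in (("weak", WEAK_SET_COOKIE), ("strong", STRONG_SET_COOKIE)):
        print(label, audit_set_cookie(header) or "ok")
```

Clearing cookies in the browser only removes the victim's copy; if the server keeps honouring the token, a copy the attacker already captured keeps working until it expires. That is why `logout()` deletes the server-side entry and why the idle timeout bounds how long any stolen token stays useful.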
eVantage Technology is a professional and trusted IT solutions provider, dedicated to providing exceptional service to companies in Singapore and across Asia.