Don’t Fall Victim to Man in the Middle Attacks. Take this advice

June 4, 2018

Imagine if the next time you sent a birthday card to a friend, somebody else opened it first. In this scenario, the crook was looking for any cash you might have included in the card before forwarding it on to its rightful owner.

This is precisely the concept of a Man-in-the-Middle (MiTM) attack. First documented way back in 1995, MiTM attacks occur when a cybercriminal positions themselves between two communication endpoints, and intercepts the information in transit.

Once an attacker has inserted themselves into a legitimate connection, say between a WiFi access point and a mobile device, they control everything that passes through it.

In many cases, users are forwarded on to fake websites where their credentials are harvested and used to commit fraud.

How do hackers do it?

Although cybercriminals exploit flaws in many systems to commit MiTM attacks, there are three standard routes an attacker will usually take.

Fake WiFi:

One of the most popular ways for hackers to execute a MiTM attack is over WiFi. In this scenario, cybercriminals intercept a connection directed to a legitimate WiFi hotspot.

Instead of joining the legitimate network, users connect to the hacker’s access point, exposing all of their traffic, and any credentials they enter, to the cybercriminal.

Although this attack often takes place over public WiFi connections, it can also target secured WiFi networks.

Hijacking User Emails:

There are many ways for malicious actors to gain access to email credentials. But commonly, cyberthieves undertake targeted phishing attacks and convince an unsuspecting user to open a malicious link or attachment that installs malware.

Hackers can take over a user’s web browser and commit a MiTM attack by redirecting that user to a fake website. This is a form of spoofing – but we’ll cover that in more detail later.

In many cases, the fake site will be a financial one. Once a user enters their credentials, they can be harvested and used to commit fraud.

Spoofing:

MiTM spoofing attacks can be carried out in several different ways. As mentioned, hackers can set up fake web pages and steal the information entered into them. With this data, cybercriminals can go ahead and commit fraud.

This process can happen through DNS or ARP spoofing. Both methods reroute traffic meant for a legitimate address (a domain name in the case of DNS, an IP address on the local network in the case of ARP) to a host the attacker controls.

Hackers also use this technique to spread malware on private, internal networks.
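The ARP spoofing described above has a simple defensive signal: the MAC address answering for the gateway’s IP suddenly changes, or one MAC starts answering for several IPs. The following is an added example, not code from the original post, that replays a constructed log of ARP replies (the `<ip> <mac>` line format is an assumption) and raises alerts on both signals.

```python
# Added example (not from the original post): a small ARP-spoofing
# detector that replays a constructed log of ARP replies and flags
# an IP whose MAC changes, the classic symptom of an attacker
# rerouting traffic meant for the gateway. The "<ip> <mac>" line
# format is an assumption; adapt parse_arp_replies() to your sniffer.
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 is first seen at ...:01,
# then a second host starts answering for it with a different MAC
# and also claims 192.168.1.30.
SAMPLE_ARP_REPLIES = """\
192.168.1.1 aa:bb:cc:dd:ee:01
192.168.1.20 aa:bb:cc:dd:ee:20
192.168.1.1 aa:bb:cc:dd:ee:01
192.168.1.1 de:ad:be:ef:00:99
192.168.1.20 aa:bb:cc:dd:ee:20
192.168.1.30 de:ad:be:ef:00:99
"""

def parse_arp_replies(text):
    """Yield (ip, mac) pairs from lines in the assumed '<ip> <mac>' format."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            yield parts[0], parts[1].lower()

def detect_arp_spoofing(replies):
    """Return a list of alert strings describing suspicious ARP activity.

    Two signals are checked:
      * an IP whose MAC changes between replies (possible gateway takeover);
      * a MAC that claims more than one IP (one host answering for many).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(f"MAC change for {ip}: {known} -> {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims multiple IPs: {sorted(ips)}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_ARP_REPLIES)):
        print(alert)
```

A MAC change can also be legitimate (a replaced router or a DHCP reassignment), so treat the alert as a prompt to verify the gateway rather than as proof of an attack.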

How to protect your business

  • The easiest way to avoid a WiFi hack is by only connecting to networks you trust. But of course, this isn’t always possible.
  • When in doubt, stick to mobile data plans and avoid free public WiFi, especially if you intend to access sensitive information during a session.
  • If you must use an open WiFi network, use a VPN, and never let your device remember an untrusted, publicly accessible network.
  • Make sure your staff are well aware of phishing scams and know just what to look out for. By avoiding this initial attack, you’re taking out one of the main entry points available to hackers.
  • Never visit a site that isn’t secured with HTTPS. This is today’s security standard, and if a website doesn’t offer it you know you might be in for some trouble.
  • Above all, avoiding a MiTM attack is all about vigilance. You must be aware that these attacks are possible, and your whole organization should be on the lookout for them.