As far as scams go, Man-In-The-Middle attacks are a particular kind of subversive. ‘Active eavesdropping’ is the best summation of what these increasingly prevalent cyber-attacks are performing.
This spying, or being ‘in the middle’, is when would-be attackers either listen in on or impersonate one of the two parties (such as a bank or commercial website), making it appear as though a normal exchange of information is underway.
They are an insidious type of cyber-attack where a hacker intercepts data or conversations between two parties, which convinces the victim they are part of an authentic interaction.
According to the Australian Cyber Security Centre, a Man-In-The-Middle attack (MITM) is ‘a form of malicious activity where the attacker secretly accesses, relays and possibly alters the communication between two parties who believe they are communicating directly with each other’.
The aim of these attacks is to steal personal information, such as login credentials, account details, or credit card numbers. Targets are generally those logging in to banking websites, e-commerce sites and other websites where a log-in with stored data can be found and exposed.
Criminals are after login credentials (particularly to banking institutions), credit card numbers and account details.
Information taken during an attack by threat actors could be used for many reasons, including identity theft, password changes or money transfers.
How Does a Man-In-The-Middle attack work?
There are varied ways for a MITM attack to take place, but commonly an ‘in’ is required to access your sensitive data; this access can be wide-ranging, but below are some of the more common access routes:
- Routers – a router still using a simple default password, or running outdated firmware, is vulnerable to being hacked.
- Public Free Wi-Fi – avoid using password-free public Wi-Fi, or reserve it for general browsing only. This is a goldmine for attackers to lurk in: hackers can create a free, malicious Wi-Fi hotspot and, once you connect, intercept your information.
- Phishing emails – these cheeky emails pop up amongst all kinds of scams, but this time they ask recipients to download malware or hand over their sensitive information.
- Website pop-ups – those infuriating pop-ups stating ‘your computer is now infected’ and the like can be gateways into your network, should their links be clicked.
- IP spoofing – criminals may take over servers and reroute traffic to a copycat website.
The above points of access are the more classic methods of interception, but every attack is unique and with varying levels of finesse.
But, how best to safeguard against an attack?
Man-In-the-Middle attacks can be difficult to identify since they rely on manipulating real-time data transfers and conversations. However, there are a multitude of ways to protect yourself against a MITM actor, and we recommend the following as a first line of defense:
- Avoiding Wi-Fi connections that aren’t password protected (both public and personal connections).
- Should you need to connect to an unsecured network, avoid using it for any sensitive transactions, such as online banking.
- Use multi-factor authentication (MFA).
- Restrict unsecured HTTP access and be mindful of only using HTTPS connections with SSL (Secure Sockets Layer) technology. Many websites will show a padlock in the URL bar as an indicator that the site is secure and an assurance of safety. If your browser displays a certificate warning, it is a sign that the site you are going to has potentially been tampered with by a criminal as part of a MITM attack. As best practice, you should not proceed to the site.
- For business owners and managers, make all staff aware of the possibility of a MITM attack and provide regular security awareness training. We would also recommend using a VPN (virtual private network) for staff browsing.
- Avoid clicking on links in emails, even if they seem legitimate. Go directly to the website and log in as normal via your browser.
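As an added illustration of what sits behind the browser's certificate warning mentioned above (this is example code written for this page, not code from the original article), the following Python snippet performs two of the checks a client makes on a server certificate before trusting it: that the hostname being visited matches a DNS name listed in the certificate, and that the certificate's validity window covers the current time. The certificate dictionary is constructed to mirror the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the bank hostname is a made-up example. Validation of the issuer chain against the trust store, which a real browser also performs, is deliberately left out to keep the example self-contained.

```python
"""Simplified version of the checks a browser performs before showing the padlock.

Added example, not part of the original article. Hostnames and dates are constructed.
"""
from datetime import datetime, timezone
import ssl  # used only for ssl.cert_time_to_seconds()


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact name, or a single leading wildcard label.

    A wildcard only matches one label ("*.bank.test" matches "www.bank.test"
    but not "bank.test" or "a.b.bank.test"), and is refused for very short
    patterns such as "*.com" that would cover an entire public suffix.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or p_labels[0] != "*":
        return False
    if len(p_labels) < 3:  # e.g. "*.com" is never acceptable
        return False
    return p_labels[1:] == h_labels[1:]


def check_certificate(cert: dict, hostname: str, now: datetime) -> list[str]:
    """Return a list of problems found; an empty list means the checks passed.

    `cert` uses the layout of ssl.SSLSocket.getpeercert(): a 'subjectAltName'
    tuple of (type, value) pairs and 'notBefore'/'notAfter' strings in the
    OpenSSL text format, e.g. "Jan 10 00:00:00 2025 GMT".
    """
    problems = []

    # 1. Hostname check: the name in the URL bar must appear in the SAN list.
    dns_names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not dns_names:
        problems.append("certificate carries no DNS subjectAltName entries")
    elif not any(hostname_matches(name, hostname) for name in dns_names):
        problems.append(f"hostname {hostname!r} matches none of {dns_names}")

    # 2. Validity window check, compared in UTC.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    ts = now.astimezone(timezone.utc).timestamp()
    if ts < not_before:
        problems.append("certificate not yet valid")
    if ts > not_after:
        problems.append("certificate expired")

    # Note: issuer/chain validation against the trust store is not done here.
    return problems


# Constructed sample certificate for a fictional bank (not a real site).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "subjectAltName": (
        ("DNS", "www.example-bank.test"),
        ("DNS", "*.example-bank.test"),
    ),
    "notBefore": "Jan 10 00:00:00 2025 GMT",
    "notAfter": "Jan 10 00:00:00 2026 GMT",
}


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for host in ("www.example-bank.test", "login.example-bank.test", "example-bank.test"):
        print(host, "->", check_certificate(SAMPLE_CERT, host, now) or "OK")
    print("after expiry ->", check_certificate(SAMPLE_CERT, "www.example-bank.test",
                                               datetime(2026, 3, 1, tzinfo=timezone.utc)))
```

A non-empty result is exactly the situation in which a browser shows its warning page; the safe response is the one the article gives, which is not to proceed. The wildcard handling is why a certificate for `*.example-bank.test` still does not cover the bare `example-bank.test` domain.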
Unfortunately, man-in-the-middle attacks are on the increase, and with our ever-growing dependence on Wi-Fi connections, victims repeatedly hand attackers easy access to their sensitive data.
Being armed with the knowledge of how attacks occur should place you in good stead to avoid becoming a target; for as the wise ones say, forewarned is forearmed.