A man-in-the-middle (MITM) attack operates exactly as it sounds. The victim is communicating with another party, and a “man in the middle” secretly places himself in the path of that traffic, reading or altering it and usually relaying it onward so that both sides see what looks like a normal exchange. It is important to note that in these attacks the victim is not aware that anything has been intercepted, so the communication simply continues.
Here is an example of how this works: An individual receives an email that appears to be from their financial institution, asking them to confirm their contact information. The link in the email leads to a site that looks exactly like the bank’s website they are familiar with. When the victim logs in, the man in the middle captures the valid username and password (and, if the fake site relays the login to the real bank as it happens, the live session as well) and uses them to get into the victim’s true account.
Man-in-the-Middle Attack Methods
MITM attacks typically occur in one of two forms.
- An attack which involves physical proximity to the intended target (traditional attack)
- An attack which involves malicious software, or malware (man-in-the-browser attack)
Perpetrators generally execute a man-in-the-middle attack in two stages: interception, getting into the path of the victim’s traffic, and decryption, stripping or breaking the encryption so that the intercepted traffic can actually be read.
During a traditional attack, a criminal attempts to gain access to an unsecured Wi-Fi router, typically found in public areas with free Wi-Fi. Criminals scan the router for weaknesses such as default or weak administrator passwords or an open, unencrypted network. Once they are positioned on the network, their tools intercept the victim’s data and can also plant software on the victim’s computer to keep monitoring later transactions and logins.
A man-in-the-browser attack (MITB) involves a criminal getting malware onto the victim’s computer or mobile device, where it sits inside the browser and can read or change pages after they have been decrypted. Email phishing, such as in the example above, is one of the most common ways for malware to reach the victim’s device.
Main Classifications of Man-in-the-Middle Attacks
- IP spoofing: Every device on a network has an Internet Protocol (IP) address, and each packet carries the address of the device that sent it. When spoofing an IP address, the attacker forges that source address so the victim’s device believes it is talking to a known, trusted party, which may lull the victim into handing over personal information or accepting forged replies.
- DNS spoofing: Domain Name System (DNS) spoofing feeds the victim’s device a forged answer for a domain name, sending the user to a fake website which mirrors a safe and trusted site. The criminal is diverting web traffic from the real site to the fake one for the purpose of stealing login information.
- HTTPS spoofing: When a URL begins with “https://”, the connection to that site is encrypted and the site has presented a certificate for its name (the “S” stands for secure). When a URL instead begins with only “http://”, everything is sent in the clear. In this attack the criminal intercepts the connection and serves the familiar page over plain HTTP, hoping that because the rest of the URL looks right you won’t notice the missing “S”. Keep in mind that HTTPS only proves you have an encrypted connection to the name shown in the address bar, not that the site is legitimate; a phishing site can have a valid certificate too.
- Hijacking of Email: Cybercriminals compromise the email accounts of banks and other financial institutions, or of their customers, in order to monitor the correspondence between the institution and its customers, and at the right moment send their own messages in one side’s name.
- Wi-Fi Eavesdropping: Cybercriminals can set up public Wi-Fi access points with names which sound legitimate, such as a nearby business’s network. Once people connect to that network, the criminal sits on the path of all their traffic and can intercept login credentials, payment card information, and more. This is why using a VPN over public networks is so important: it encrypts your traffic before it reaches the access point.
- Stealing browser cookies: A browser cookie is a small piece of information a website stores on your computer. After you log in, the site typically sets a session cookie so that you don’t have to re-enter your password on every page; a saved credit card lives on the site’s servers, and it is that cookie which tells the site you are the logged-in user. Criminals who steal such a cookie, for example by sniffing it off an unencrypted connection, can present it themselves and act as you without ever knowing your password.
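The HTTPS spoofing and cookie theft entries above have a server-side counterpart worth checking: a site that sends a Strict-Transport-Security header tells browsers to refuse plain HTTP on later visits, and a cookie marked Secure and HttpOnly is never sent over an unencrypted connection and cannot be read by injected script. The following Python is an added example (not code from the original article or from Alliance IT) that audits a captured HTTP response for those headers. The two responses are constructed for illustration, and the cookie name and the six-month max-age threshold are assumptions.

```python
from typing import List, Tuple

# Constructed responses for illustration (not captured from any real site).
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

# Assumed policy: an HSTS max-age shorter than this is reported as a finding.
MIN_HSTS_MAX_AGE = 180 * 24 * 3600


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP response (status line followed by headers) into
    (name, value) pairs. Header names are case-insensitive, so they are
    lower-cased; a header may repeat (Set-Cookie often does), so a list
    is returned rather than a dict."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        if not line.strip():                     # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def hsts_max_age(value: str) -> int:
    """Extract max-age from a Strict-Transport-Security value; 0 if absent or malformed."""
    for directive in value.split(";"):
        key, _, num = directive.strip().partition("=")
        if key.lower() == "max-age":
            return int(num) if num.isdigit() else 0
    return 0


def audit(raw: str) -> List[str]:
    """Return human-readable findings for the response; an empty list is clean."""
    findings = []
    headers = parse_headers(raw)

    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header: a browser will "
                        "accept a downgrade to http:// on later visits")
    elif hsts_max_age(hsts[0]) < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age={hsts_max_age(hsts[0])} is shorter than "
                        f"{MIN_HSTS_MAX_AGE}s; protection lapses quickly")

    for n, v in headers:
        if n != "set-cookie":
            continue
        cookie_name = v.split("=", 1)[0].strip()
        # attribute names after the first "name=value" pair, e.g. {"path", "secure"}
        attrs = {a.strip().partition("=")[0].lower() for a in v.split(";")[1:]}
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: it is sent in the clear over http://")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks HttpOnly: readable by injected script")
    return findings


if __name__ == "__main__":
    for label, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit(resp) or ['no findings']}")
```

Run against a real response (for example the output of `curl -sI https://example.com`) the same function reports the same three classes of finding; the weak sample above produces three findings and the hardened one produces none.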
What Can You Do?
- Make sure URLs begin with “HTTPS” (with the S), and treat a site that suddenly loads over plain HTTP as suspect. Remember that the padlock only means the connection is encrypted to the name shown in the address bar, so check that the name itself is the one you expect.
- Keep an eye out for phishing emails asking you to update your password or login information. Do not click the link; instead, call the institution or type the institution’s URL into your browser yourself.
- Avoid connecting to public Wi-Fi networks directly; if you must use one, connect through a VPN so that your traffic is encrypted before it reaches the access point.
- Since MITB attacks rely on malware for execution, install a comprehensive anti-malware solution on your computer and keep it, your operating system, and your browser up to date.
- Change all of the default usernames and passwords on your home router, using strong, unique passwords.
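As an added check for the public Wi-Fi item above and the Wi-Fi eavesdropping entry earlier (example code, not from the original article or from Alliance IT), the following Python flags evil-twin candidates in a list of scanned access points: the same network name advertised both with and without encryption, or by hardware from different vendors. The scan records are constructed; on a real machine the same fields come from the operating system’s Wi-Fi scan. A mixed-vendor result is only a lead, since legitimate deployments can mix hardware too.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed scan records (not a real capture). On a Linux laptop the same
# fields come from `nmcli -f SSID,BSSID,SECURITY dev wifi list`.
SCAN = [
    {"ssid": "CoffeeHouse_Guest", "bssid": "A4:2B:8C:11:22:33", "security": "WPA2"},
    {"ssid": "CoffeeHouse_Guest", "bssid": "A4:2B:8C:11:22:34", "security": "WPA2"},  # second radio, same vendor
    {"ssid": "CoffeeHouse_Guest", "bssid": "00:11:22:AA:BB:CC", "security": "OPEN"},  # no encryption, other vendor
    {"ssid": "Library_Public",    "bssid": "F0:9F:C2:55:66:77", "security": "OPEN"},
]


def vendor_prefix(bssid: str) -> str:
    """First three octets of a MAC address (the OUI), which identify the hardware vendor."""
    return bssid.lower()[:8]


def find_evil_twin_candidates(scan: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group access points by SSID and return {ssid: [reasons]} for names that
    look like they are being impersonated. Two heuristics:
      1. one SSID advertised both with and without encryption (an attacker's
         open clone beside the real WPA2 network);
      2. one SSID served by hardware with different vendor prefixes.
    Either alone can be legitimate, so these are leads, not verdicts."""
    by_ssid: Dict[str, List[Dict[str, str]]] = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)

    findings: Dict[str, List[str]] = {}
    for ssid, aps in by_ssid.items():
        reasons = []
        if len({ap["security"] for ap in aps}) > 1:
            open_bssids = sorted(ap["bssid"] for ap in aps if ap["security"] == "OPEN")
            reasons.append(f"mixed security for one name; unencrypted BSSIDs: {open_bssids}")
        prefixes = sorted({vendor_prefix(ap["bssid"]) for ap in aps})
        if len(prefixes) > 1:
            reasons.append(f"access points from {len(prefixes)} vendor prefixes: {prefixes}")
        if reasons:
            findings[ssid] = reasons
    return findings


if __name__ == "__main__":
    for ssid, reasons in find_evil_twin_candidates(SCAN).items():
        print(ssid)
        for r in reasons:
            print("  -", r)
```

With the constructed scan, only CoffeeHouse_Guest is flagged, on both counts; Library_Public is open but has a single access point, so there is nothing to compare it against, which is exactly the case where a VPN, not this check, is your protection.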
Alliance IT can help you with network security for your organization and remote workforce. Our team of IT experts understands the very real threats that evolve every day and is committed to making sure your business and networks are secure.