
What is… a man-in-the-middle attack?

posted by: FraudWatch International date: Dec 16, 2015 category: All, Malware

In our blog article, Understanding the Internet of Things (IoT), we mentioned how having an internet-connected fridge can lead to a “man-in-the-middle” attack. But what is a man-in-the-middle attack exactly, and how can you protect yourself from it?

Read explanations from our experts in the first article for our new blog category.

What is it?

As its name suggests, a man-in-the-middle (MITM) attack is one in which a cyber-criminal inserts himself into a private conversation between two unsuspecting parties. Each party believes it is talking directly to the other, while in fact every message passes through the attacker, who can read the entire exchange and possibly alter the information the parties are trying to send each other.

Figure 1: The hacker is impersonating both sides of the conversation to gain access to funds

The attack only works if the cyber-criminal can convincingly impersonate each party to the other; if the two parties properly authenticate each other, the attacker cannot take the middle position. The usual way into the middle is to control the network path. A common setup is a rogue Wi-Fi hotspot: the hacker configures an access point on his laptop, victims connect their devices to it, and every session they open passes through hardware the attacker controls, where it can be read and modified. A router the attacker has compromised with malicious software serves the same purpose.

Note: In cryptography, another name used for a man-in-the-middle attack is a “bucket brigade” attack, or a “Janus” attack.

Our experts’ advice

Most cryptographic protocols include some form of endpoint authentication specifically to block MITM attacks. Transport Layer Security (TLS), for example, authenticates one or both parties using digital certificates issued by a certification authority that both sides trust: the client checks that the server’s certificate is valid, was issued by a trusted authority, and matches the name of the site it meant to reach.

We recommend that you use strong mutual authentication between the client and the server. In mutual TLS, for instance, the server presents its certificate to the client and the client presents its own certificate to the server; each side verifies the other’s certificate against a trusted authority, and only then is the connection established. An attacker in the middle cannot produce a certificate that passes either check, so the handshake fails instead of silently connecting through him.
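The two points above, that the attacker has to complete a handshake with each victim while impersonating the other, and that endpoint authentication is what makes this fail, can be watched in a small simulation. The following is an added example written for this article, not code from FraudWatch International. It uses toy-size Diffie-Hellman parameters (assumed, chosen for readability; real deployments use the RFC 3526 / RFC 7919 groups), a toy XOR cipher, and a pre-shared HMAC key as a stand-in for the certificate-based authentication TLS performs. The names Alice, Bob, Mallory and the payment message are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumed for this example): p is the Mersenne
# prime 2**127 - 1, far too small for real use, where the standardised groups of
# RFC 3526 / RFC 7919 are used.  Neither the attack nor the defence depends on size.
P = 2**127 - 1
G = 5


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def derive_key(peer_public, private):
    """Shared secret g^xy mod p, hashed down to a 32-byte session key."""
    shared = pow(peer_public, private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def seal(key, data):
    """Toy confidentiality-only cipher: XOR with a SHAKE-256 keystream.  It is its
    own inverse and, like the unauthenticated channel in the text, gives no
    integrity protection; real protocols use an AEAD such as AES-GCM."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def auth_tag(psk, sender, public):
    """Endpoint authentication, stand-in for a certificate: an HMAC over the
    sender's name and public value under a key only Alice and Bob hold."""
    return hmac.new(psk, sender.encode() + public.to_bytes(16, "big"),
                    hashlib.sha256).digest()


class HonestNetwork:
    """A path nobody tampers with: messages arrive exactly as sent."""
    def relay_public(self, sender, public, tag):
        return public, tag

    def relay_data(self, sender, recipient, ciphertext):
        return ciphertext


class Mallory:
    """Sits on the path, e.g. as a rogue hotspot.  She completes a separate key
    exchange with each victim, so she ends up holding one key shared with Alice
    and another shared with Bob, while each of them believes the key is shared
    with the other."""
    def __init__(self):
        self.priv, self.pub = dh_keypair()
        self.keys = {}
        self.log = []     # plaintext she has read

    def relay_public(self, sender, public, tag):
        self.keys[sender] = derive_key(public, self.priv)   # finish DH with the real sender
        return self.pub, tag   # recipient gets Mallory's value; the tag is the one thing she cannot forge

    def relay_data(self, sender, recipient, ciphertext):
        plaintext = seal(self.keys[sender], ciphertext)      # decrypt with the sender's key
        self.log.append(plaintext)
        altered = plaintext.replace(b"TO BOB", b"TO MALLORY")
        return seal(self.keys[recipient], altered)           # re-encrypt for the recipient


def run_session(network, psk=None):
    """Alice and Bob agree a key across `network`, then Alice sends a payment
    instruction.  Returns the bytes Bob decrypts, or None if the handshake was
    aborted because a public value failed its authentication check (psk given)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    tag = (lambda who, pub: auth_tag(psk, who, pub)) if psk is not None else (lambda who, pub: b"")

    bob_gets = network.relay_public("alice", a_pub, tag("alice", a_pub))
    alice_gets = network.relay_public("bob", b_pub, tag("bob", b_pub))

    if psk is not None:
        bob_ok = hmac.compare_digest(bob_gets[1], auth_tag(psk, "alice", bob_gets[0]))
        alice_ok = hmac.compare_digest(alice_gets[1], auth_tag(psk, "bob", alice_gets[0]))
        if not (bob_ok and alice_ok):
            return None      # endpoint authentication failed: nothing is sent

    k_alice = derive_key(alice_gets[0], a_priv)
    k_bob = derive_key(bob_gets[0], b_priv)
    ciphertext = network.relay_data("alice", "bob", seal(k_alice, b"PAY 100 TO BOB"))
    return seal(k_bob, ciphertext)


if __name__ == "__main__":
    print(run_session(HonestNetwork()))                  # b'PAY 100 TO BOB'
    mallory = Mallory()
    print(run_session(mallory), mallory.log)             # b'PAY 100 TO MALLORY' [b'PAY 100 TO BOB']
    print(run_session(Mallory(), psk=b"shared secret"))  # None: handshake aborted
```

Without authentication Mallory reads the instruction and Bob receives an altered one, and neither side notices, because the encryption on each leg is genuine. With the tag in place she can still substitute her own public value, but not the tag that goes with it, so both victims abort before any data is sent. Certificates in TLS play the role of the tag, with the difference that trust comes from a certification authority rather than a secret the two parties already share.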

Another method for preventing a MITM attack is never to connect to open Wi-Fi routers directly. If you must, use a browser plug-in such as HTTPS Everywhere or ForceTLS. These plug-ins switch the browser to an encrypted HTTPS connection whenever the site offers one, so the hotspot operator sees only encrypted traffic; they cannot help on sites that are only available over plain HTTP, where anything you type is still readable in transit.
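The plug-ins above only govern what the browser does. When your own software makes the connection, the TLS settings it uses decide whether the server (and, for mutual TLS, the client) is actually authenticated, and a common “make it work” shortcut is to switch that verification off, which hands a rogue hotspot exactly the position described earlier. The following is an added example, not FraudWatch International’s code, using only Python’s standard `ssl` module; the certificate file arguments are assumed placeholders and nothing is loaded when they are left out.

```python
import ssl


def hardened_client_context(cafile=None):
    """Client side: verify the server's certificate chain AND that its name
    matches the host we asked for.  Both checks are needed; a valid certificate
    for some other site does not prove we reached the one we wanted."""
    ctx = ssl.create_default_context(cafile=cafile)   # system CA store when cafile is None
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weakened_client_context():
    """The shape of the usual workaround: certificate checking switched off.
    Any hotspot on the path can now terminate the connection with its own
    certificate and read or alter the traffic unnoticed."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before verify_mode can change
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def mutual_tls_server_context(certfile=None, keyfile=None, client_cafile=None):
    """Server side of mutual TLS: present our own certificate and REQUIRE a
    client certificate issued by a CA we trust.  Paths are assumed placeholders;
    with None the context is built without loading files."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=client_cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    ctx.verify_mode = ssl.CERT_REQUIRED   # handshake fails without a valid client certificate
    return ctx


def audit(ctx, is_client=True):
    """Return the settings on a context that would let a man-in-the-middle succeed."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: peer certificate is not verified")
    if is_client and not ctx.check_hostname:
        findings.append("check_hostname disabled: any valid certificate is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS older than 1.2 allowed: downgrade to weak versions possible")
    return findings


if __name__ == "__main__":
    print("hardened:", audit(hardened_client_context()))
    print("weakened:", audit(weakened_client_context()))
    print("mutual TLS server:", audit(mutual_tls_server_context(), is_client=False))
```

The audit function is the kind of check worth running over every context an application builds: `verify_mode` and `check_hostname` are separate switches, and clearing either one is enough to let an attacker’s certificate through.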

Hackers go after a business’ intellectual property and the information customers have entrusted to it, such as credit card and banking details. More often than not, a business under a man-in-the-middle attack is oblivious to it until it is too late. The repercussions of a successful attack are negative brand perception, reduced customer confidence and, of course, data loss.

Man-in-the-middle attacks have been a growing trend over the last few years. One reason they are increasingly favoured by cyber-criminals is that once a hacker hijacks a user’s session, he has direct access to all of the critical data transmitted within what is supposed to be a professional, private and secure conversation. It is no longer limited to email: other forms of communication, such as IM and SMS, are also affected. Now that our business lives are increasingly mobile, hackers also target mobile devices to get at daily business operations, making the travelling executive a major target for profitable returns.

Protect your business by:

  1. Equipping your company with a wide-ranging email security solution, to detect malicious activity as soon as it starts.
  2. Having a web security solution that gives you visibility of the web traffic generated by both systems and end-users, across protocols and ports, so that malicious activity is detected early.
  3. Training your employees. Now more than ever, it is vital to educate your staff using case studies of attack methods previously encountered by businesses.
  4. Reviewing your user credentials regularly. Always make sure that your passwords are strong, complex and updated frequently (ideally, change them every three months).
