MITM Attack

What is MITM attack and how to prevent

Man-in-the-Middle Attacks Defined

A Man-in-the-Middle Attack (MITM) is a form of cyber eavesdropping in which a malicious actor inserts itself into a conversation between two parties and intercepts data through a compromised but trusted system. The targets are often intellectual property or financial information. MITM attackers may also use malware to open the communications channel, hoping to create zombie machines or build vast networks of compromised systems. A Man-in-the-Middle attack can also serve as a way into systems in order to carry out an advanced persistent threat (APT).

In many cases organizations are unaware their session and/or data has been tampered with until it is much too late. If a MITM attack is successful, organizations experience negative brand perception, reduced customers’ confidence and ultimately a damaged bottom line.

How Man-in-the-Middle Attacks work

MITM attacks can be executed in a number of different ways, all of which exploit the communication between two other parties. Whether by passive or active means, a MITM attack places itself between a user and an entity and attempts to conceal both the breach and the theft of information. Below are common ways Man-in-the-Middle attacks manipulate communication systems.

Types of Man-in-the-Middle Attacks

Email Hijacking – attackers gain access to a user’s email account and watch the transactions to and from that account. When the time is right, for instance when the user is exchanging funds with another party, the attacker takes advantage of the situation and attempts to intercept the funds by spoofing one or all members of the conversation.

Wi-Fi Eavesdropping – a passive way to deploy MITM attacks, Wi-Fi eavesdropping involves attackers setting up public Wi-Fi access points, typically with an innocuous-looking name, and gaining access to their victims’ traffic as soon as they connect to the malicious Wi-Fi.

Session Hijacking – session hijacking is when an attacker gains access to an online session via a stolen session key or stolen browser cookies.

DNS Spoofing – an attacker engages in DNS spoofing by altering a website’s address record on a DNS (Domain Name System) server. A victim unknowingly visits the fake site, where the attacker attempts to steal their information.

IP Spoofing – similar to DNS spoofing, IP Spoofing sees an attacker attempt to divert traffic to a fraudulent website with malicious intent. Instead of spoofing the website’s address record, the attacker disguises an IP (internet protocol) address.

How To Avoid MiTM Attacks?

The key to avoiding man-in-the-middle attacks is the same as with most other attacks: be careful and keep your systems updated. Here are some tips and tricks:

  • Be wary of links that you click to avoid phishing attempts that lead to MiTM attacks.
  • Keep your operating system and your browser up to date. This way, attackers will not be able to use known exploits to install malware on your computer.
  • Use a secure Wi-Fi protocol on your router (WPA2, or WPA3 if available), use a strong Wi-Fi passphrase, change the default login credentials for your router and keep its firmware updated. This way, attackers won’t be able to compromise your local area network.
  • Limit your sensitive activity on public networks or use a VPN connection on public networks. A VPN will add an extra layer of security.
  • Make sure that the DNS servers (DNS caches) that you use are secure. Check the configuration on your router (DNS cache addresses are usually provided via DHCP). If in doubt, use Google public DNS caches: .
  • If you have a website or web application, regularly scan it for vulnerabilities and resolve the issues found. Even vulnerabilities unrelated to transport security may give an attacker a foothold for a MiTM attack on your users.

If you have a website or web application, enable HSTS (HTTP Strict Transport Security). Once a browser has seen the HSTS header over HTTPS, it will refuse to talk to your site over plain HTTP for as long as the policy lasts, which protects your users against SSL stripping.
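To make the HSTS point concrete, here is an added example (my own code, not from the article or from Cyberetic) that models what a browser does with the Strict-Transport-Security header: parse it as RFC 6797 describes, remember the policy per host, and rewrite any later `http://` URL to `https://` before a request is sent. It also includes a small audit a site owner can run on their own header. Names such as `HstsCache` and `audit_hsts` are my own, and the one-year minimum `max-age` the audit insists on is a policy choice I am assuming rather than something the article states.

```python
import time
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

ONE_YEAR = 31_536_000  # seconds; the minimum max-age the audit below insists on (assumed policy)


@dataclass
class HstsPolicy:
    max_age: int             # seconds the host must be treated as HTTPS-only
    include_subdomains: bool
    preload: bool
    issued_at: float         # when the header was received


def parse_hsts(header: str, now: Optional[float] = None) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value as in RFC 6797.

    Returns None for a header a browser would ignore: max-age missing or
    non-numeric, or any directive repeated. Unknown directives are skipped.
    """
    now = time.time() if now is None else now
    seen, max_age, include_sub, preload = set(), None, False, False
    for raw in header.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, value = token.partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name in seen:                      # directives must not repeat
            return None
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return None if max_age is None else HstsPolicy(max_age, include_sub, preload, now)


class HstsCache:
    """The per-host store a browser keeps after seeing the header over HTTPS."""

    def __init__(self):
        self._policies = {}                   # lowercase host -> HstsPolicy

    def remember(self, host: str, header: str, now: Optional[float] = None) -> None:
        """Store the policy; max-age=0 is the host asking to be forgotten."""
        policy = parse_hsts(header, now)
        if policy is None:
            return
        if policy.max_age == 0:
            self._policies.pop(host.lower(), None)
        else:
            self._policies[host.lower()] = policy

    def is_known(self, host: str, now: Optional[float] = None) -> bool:
        """True if host, or a parent that set includeSubDomains, has an unexpired policy."""
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):
            policy = self._policies.get(".".join(labels[i:]))
            if policy is None or now >= policy.issued_at + policy.max_age:
                continue                      # absent or expired
            if i == 0 or policy.include_subdomains:
                return True
        return False

    def upgrade(self, url: str, now: Optional[float] = None) -> str:
        """Rewrite http:// to https:// before any request leaves the client.

        This is what defeats SSL stripping: for a known host the plaintext
        request an on-path attacker would tamper with is never sent at all.
        """
        parts = urlsplit(url)
        if parts.scheme != "http" or not parts.hostname or not self.is_known(parts.hostname, now):
            return url
        netloc = parts.netloc[:-len(":80")] if parts.port == 80 else parts.netloc
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


def audit_hsts(header: Optional[str]) -> list:
    """Findings for a site owner checking their own header; an empty list means it is sound."""
    if header is None:
        return ["no Strict-Transport-Security header: browsers will keep accepting http://"]
    policy = parse_hsts(header)
    if policy is None:
        return ["malformed header: browsers ignore it entirely"]
    findings = []
    if policy.max_age < ONE_YEAR:
        findings.append(f"max-age={policy.max_age} is under a year; protection lapses quickly")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains remain strippable")
    return findings


if __name__ == "__main__":
    cache = HstsCache()
    cache.remember("example.com", "max-age=31536000; includeSubDomains", now=1000.0)
    print(cache.upgrade("http://example.com/login", now=1500.0))   # upgraded to https
    print(audit_hsts("max-age=300"))                                 # two findings
```

The `now` parameter is there so the expiry logic can be exercised without waiting; a real browser uses the wall clock. Note that the cache only matters for hosts the browser has already seen over HTTPS, which is exactly why a long `max-age` (and, for high-value sites, preloading) closes the window on the user's very first visit.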

Written by Tamer Heib – Cyber Content Writer at Cyberetic
