Three’s a Crowd: Protecting Against Man-in-the-Middle Attacks

October 5, 2020 | 3 min read

BlueVoyant

A man-in-the-middle attack, or MitM, is an attack in which the attacker secretly listens in on or modifies traffic passing between two parties. The target of the attack is usually intellectual or fiduciary information.

How a MitM Attack Works

Man-in-the-middle attacks are typically executed in two phases - interception and decryption.

Think of MitM as two people chatting while, unbeknownst to them, a third person eavesdrops on their private conversation with malicious intent. The third person, or man-in-the-middle, listens in on and records the conversation, creating an interception.

Using information gained from the conversation, the eavesdropper can believably impersonate the first person in interactions with the second. That interaction usually starts with the MitM posing as person one and asking person two to loan them money. This is known as “decryption.”

Person two, trusting person one, hands over the money, not knowing there is a third person in the scenario.

MitM attacks can be used to:

  • Steal login credentials or personal information
  • Spy on the victim
  • Sabotage or corrupt data
  • Redirect efforts, funds, resources, or attention
  • Inject malware into a computer using phishing

These attacks are executed in a variety of ways, and while detecting an attack may be difficult, attacks are preventable.

7 Different Types of MitM Attacks

Cybercriminals can perform a MitM attack in multiple ways:

  1. IP Spoofing: A spoofed Internet Protocol (IP) address can fool a user into thinking a fake website is legitimate, allowing the attacker to steal their information.
  2. DNS Spoofing: Domain Name System (DNS) spoofing diverts traffic from a legitimate website to a fake one in order to capture user login credentials.
  3. HTTPS Spoofing: Tricks your browser into believing it is visiting a trusted website while redirecting it to an unsecured one, where all interactions can be monitored and compromised.
  4. SSL Hijacking: Secure Sockets Layer (SSL) is a security protocol that encrypts the link between your browser and the web server. In SSL hijacking, the attacker intercepts the information passing over this link.
  5. Email Hijacking: Targets email accounts to gain access to an organization; any information obtained is then used to spoof email addresses.
  6. Wi-Fi Eavesdropping: Attackers on public Wi-Fi connections can monitor the user’s online activity and intercept sensitive information.
  7. Stealing browser cookies: An attacker takes over an online session using a stolen session key or stolen browser cookies.

How to Prevent an Attack

MitM attacks are one of the oldest forms of cyberattacks, dating back to the early 1990s. Here are some ways you can protect yourself against these attacks:

Services: Ensure ‘HTTPS’ and not ‘HTTP’ appears in the address bar of every website you visit. Don’t click on links in an email; instead, type the website address into your browser. Don’t connect to public Wi-Fi routers if you can avoid it - connect via a VPN, which encrypts your connection and protects your data. Make sure your home Wi-Fi network is secure by changing all default usernames and passwords to unique, strong ones.
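The two link-related checks above (insist on HTTPS, and distrust links in email) can be automated for a mail body before anyone clicks. The following is an added example written for this page, not code from BlueVoyant: it parses a constructed HTML email, extracts every anchor, and flags links that are not HTTPS or whose visible text names a different host than the real target, which is the pattern an HTTPS-spoofing lure relies on. The email body, host names and the `assess_link` / `audit_email` function names are all assumptions made for the example.

```python
"""Flag risky links in an email body before they are clicked.

Added example for this page, not code from the original article.
The sample email, its hosts and the function names are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body with three links: a clean HTTPS link,
# a plain-HTTP link, and a link whose visible text shows one host while
# the href actually points at another.
SAMPLE_EMAIL = """
<p>Hi, please review your statement at
<a href="https://bank.example/statements">https://bank.example/statements</a>.</p>
<p>Also see <a href="http://news.example/article">our newsletter</a>.</p>
<p>Reset your password:
<a href="https://accounts.example.net/reset">https://bank.example/reset</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        # Only accumulate text while inside an <a> that has an href.
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    """Return every (href, visible text) pair found in the HTML."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.links


def assess_link(href, text):
    """Return a list of findings for one link; an empty list means no issue."""
    findings = []
    target = urlparse(href)
    # Rule 1 from the article: the link must use HTTPS.
    if target.scheme != "https":
        findings.append("not-https")
    # Rule 2: if the visible text looks like a URL, its host must match the
    # real destination; a mismatch is the classic lure for a fake site.
    shown = None
    if text.lower().startswith(("http://", "https://")):
        shown = urlparse(text)
    if shown is not None and shown.hostname and shown.hostname != target.hostname:
        findings.append("host-mismatch")
    return findings


def audit_email(html):
    """Map each href in the email body to its list of findings."""
    return {href: assess_link(href, text) for href, text in extract_links(html)}


if __name__ == "__main__":
    for href, findings in audit_email(SAMPLE_EMAIL).items():
        print(href, "->", ", ".join(findings) or "ok")
```

Run it directly to see one line per link; in a mail gateway the same `audit_email` result would drive a warning banner rather than a print. The host comparison deliberately uses `hostname` (not the whole netloc) so that a port or embedded credentials in the href do not mask a mismatch.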

Software: Install antivirus software on your devices as well as a comprehensive email and web security solution. Don’t install unnecessary plugins or software, especially if it’s free - these may contain malware.

Organizations: In a company setting, know what access patterns and working hours are normal - any unusual activity should raise a red flag. Educate yourself and your staff about cybersecurity so that everyone understands what a threat could look like. Awareness of this kind can help prevent attacks.
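The "know what access and time is normal" advice above translates directly into a simple detection rule. The following is an added example written for this page, not code from BlueVoyant: it parses a handful of constructed authentication log lines, compares each login against a per-user baseline of usual source addresses and working hours, and returns the events that deviate. The log format, the baseline values and the `review_log` function name are all assumptions made for the example; in practice the baseline would be learned from historical logs rather than typed in.

```python
"""Flag logins outside a user's normal hours or from an unfamiliar address.

Added example for this page, not code from the original article.
Log lines, baselines and function names are constructed for illustration.
"""
from datetime import datetime

# Constructed authentication log lines: timestamp, user, source address, result.
LOG_LINES = [
    "2020-10-05T09:12:44 user=alice src=10.0.0.12 result=success",
    "2020-10-05T13:40:01 user=bob src=10.0.0.31 result=success",
    "2020-10-05T02:17:09 user=alice src=10.0.0.12 result=success",
    "2020-10-05T10:05:33 user=bob src=203.0.113.77 result=success",
    "2020-10-05T10:06:10 user=bob src=203.0.113.77 result=failure",
]

# Constructed per-user baseline: usual source addresses and working hours
# expressed as a half-open [start, end) range on a 24-hour clock.
BASELINE = {
    "alice": {"addresses": {"10.0.0.12"}, "hours": (8, 18)},
    "bob": {"addresses": {"10.0.0.31"}, "hours": (8, 18)},
}


def parse_line(line):
    """Turn one 'timestamp key=value ...' log line into a dict."""
    timestamp, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["time"] = datetime.fromisoformat(timestamp)
    return record


def flag_event(record, baseline):
    """Return the reasons a login is unusual; an empty list means it looks normal."""
    profile = baseline.get(record["user"])
    if profile is None:
        # A login for an account with no baseline is itself worth a look.
        return ["unknown-user"]
    reasons = []
    start, end = profile["hours"]
    if not (start <= record["time"].hour < end):
        reasons.append("outside-hours")
    if record["src"] not in profile["addresses"]:
        reasons.append("new-address")
    return reasons


def review_log(lines, baseline=BASELINE):
    """Return (time, user, src, reasons) for every login that deviates."""
    alerts = []
    for line in lines:
        record = parse_line(line)
        reasons = flag_event(record, baseline)
        if reasons:
            alerts.append((record["time"].isoformat(), record["user"],
                           record["src"], reasons))
    return alerts


if __name__ == "__main__":
    for alert in review_log(LOG_LINES):
        print(*alert)
```

On the sample data this raises three alerts: alice's 02:17 login is outside her hours, and both of bob's attempts from 203.0.113.77 come from an address his baseline has never seen. Failed attempts are reviewed exactly like successful ones, since a burst of failures from a new address is often the first visible sign of credentials obtained elsewhere being tried.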

MitM attacks are evolving, and sometimes new technology is developed without security as a high priority. Encryption is not a complete solution, and if a MitM attack is successful, it could lead to negative brand perception and loss of trust from your customers - don’t let yourself be caught off-guard.