A man-in-the-middle is a type of cyberattack in which a third party intercepts communication between parties without their knowledge, with the aim to steal or modify important information. Such attacks are a serious threat to privacy and security. They can be prevented, however, by consistently following several rules.
Man-in-the-middle (MITM) attacks can take many different forms. The most popular involve taking over email, impersonating domain names (DNS) and IP addresses, taking control over SSL, stealing browser cookies, or session hijacking, which is taking over an internet session.
During some attacks, bots generating text messages or imitating a person’s voice during a phone call may be used to extract important information from devices. MITM is particularly dangerous because none of the parties sending emails, text messages or chatting during a video call are aware that someone else has joined the conversation and is stealing their data.
Man-in-the-Middle attacks are most often experienced by banks and their applications, financial sector companies, healthcare systems and companies servicing industrial networks of devices that communicate with each other using Internet of Things (IoT) protocols. “A MITM attack can be targeted at any company, organization or individual, if cyber criminals deem there is a chance of achieving financial benefit. Stolen information and sensitive data are sold on the darknet for a few dollars per record. It might not seem like much, until we realize that millions of records could be stolen during a single data breach,” says Robert Dąbrowski, the head of Fortinet’s team of engineers in Poland.
How Does a Man-in-the-Middle Attack Work?
MITM exploits flaws in network security protocols, websites or browsers to redirect legitimate traffic and steal information from victims. Regardless of the specific technique, the attack always follows the same pattern: person A sends a message to person B, the attacker intercepts it without either A or B knowing, and then alters the message or deletes it entirely. Man-in-the-Middle attacks are responsible for massive data breaches, such as the 2021 attack on Cognyte (5 billion stolen records), the Twitch streaming platform (5 billion records), LinkedIn (700 million records) and Facebook (553 million records).
One of the best-known examples of MITM came to light in 2013, when Edward Snowden revealed the PRISM program, which involved mass eavesdropping on Americans and citizens of other countries conducted over VoIP and the Internet. To spy on people illegally, the NSA (National Security Agency) posed as Google and intercepted all traffic, also forging SSL encryption certificates.
How to Detect a Man-in-the-Middle Attack?
An ongoing attack can be indicated by unusual or repeated disconnections from a service. Cybercriminals look for as many opportunities as possible to capture usernames and passwords, and forcing users to log in again and again gives them exactly that.
One should also watch out for suspicious URLs. Although fraudulent websites can very closely resemble trusted ones, the address of a malicious site always differs from the real one in some way. Therefore, users should always check the URL carefully, especially when carrying out financial transactions.
“Another issue that should raise alertness is the use of public, unsecured Wi-Fi networks. They should be avoided especially in unknown, previously unvisited places, like restaurants, airports or other public facilities. Even if users are not conducting banking transactions in such a network or activities related to confidential data, a cybercriminal can send malicious code to the device, for instance, to intercept sent messages,” says Robert Dąbrowski.
Good Practices Against Man-in-the-Middle Attacks
The Fortinet expert emphasizes that Man-in-the-Middle attacks are a serious threat to all companies, regardless of their size. Organizations such as SCORE and SBA, which provide entrepreneurs with free mentoring, have estimated in the past that about 43% of all targeted attacks are aimed at small and medium-sized businesses, which are usually less secured. Meanwhile, Business News Daily reported that losses due to cyberattacks on small businesses averaged $55,000.
Every company should therefore apply good cybersecurity practices that will protect it from data breaches as a result of a MITM attack. They include, above all, updating and securing home Wi-Fi routers, using VPNs and implementing end-to-end encryption wherever possible.
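As an added illustration of why end-to-end encryption counters the attack pattern described above (a message from A to B that an intermediary alters or deletes), the following is example code written for this article, not code from Fortinet or the original source. It uses authenticated encryption with a sequence number under the integrity tag, so B detects both a modified message and a missing one. The key and messages are constructed for the demo, and the stream cipher is a toy built from HMAC so that the example runs on the Python standard library alone; a real deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo key; in practice A and B agree it out of band or via a key exchange.
KEY = hashlib.sha256(b"constructed demo key, not a real secret").digest()
HDR, TAG = 8 + 16, 32  # header = sequence number + nonce; tag = HMAC-SHA256

def _keystream(key, nonce, length):
    """Toy stream cipher: HMAC-SHA256 in counter mode (stdlib only, for the demo)."""
    blocks = (hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key, seq, plaintext):
    """Encrypt-then-MAC: the tag covers sequence number, nonce and ciphertext, so
    neither the content nor its position in the conversation can be altered."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    header = struct.pack(">Q", seq) + nonce
    return header + ct + hmac.new(key, header + ct, hashlib.sha256).digest()

def open_sealed(key, expected_seq, blob):
    """Verify before decrypting; ValueError if the message was modified, replayed,
    reordered, or if an earlier message in the sequence never arrived."""
    if len(blob) < HDR + TAG:
        raise ValueError("message too short")
    header, ct, tag = blob[:HDR], blob[HDR:-TAG], blob[-TAG:]
    if not hmac.compare_digest(hmac.new(key, header + ct, hashlib.sha256).digest(), tag):
        raise ValueError("authentication failed: message was modified in transit")
    seq = struct.unpack(">Q", header[:8])[0]
    if seq != expected_seq:
        raise ValueError(f"expected message #{expected_seq}, got #{seq}: dropped or replayed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, header[8:], len(ct))))

def receive(key, expected_seq, blob):
    """What B sees: the plaintext, or the reason the message was rejected."""
    try:
        return open_sealed(key, expected_seq, blob).decode()
    except ValueError as err:
        return f"REJECTED: {err}"

if __name__ == "__main__":
    first, second = seal(KEY, 1, b"transfer 100 to account 42"), seal(KEY, 2, b"confirm")
    forged = bytearray(first); forged[HDR] ^= 0x01   # intermediary flips one ciphertext byte
    print(receive(KEY, 1, first))                    # delivered intact
    print(receive(KEY, 1, bytes(forged)))            # REJECTED: authentication failed ...
    print(receive(KEY, 1, second))                   # REJECTED: expected message #1 ... (first was deleted)
```

The sequence number is what turns "deleted the message" into a detectable event: without it, B would accept the second message as if nothing were missing.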
Source: https://managerplus.pl/man-in-the-middle-czyli-cichy-zlodziej-w-cyberprzestrzeni-61496