Man In The Middle Attack Terrible Truth - What is it, Examples and How to Prevent MITM Attack


What is Man In The Middle Attack?

Man In The Middle Attack (MitM) is the type of cyber-attack when hackers (attackers) intercept communication between two parties (usually user and application) and make way to modify that communication. The user has no idea that something strange is going on. The primary goal of the MitM attack is to get valuable information and direct collected information to the compromised website.

This is the most basic man-in-the-middle attack definition and as you can see the whole process involves three players. Two victims that are NOT aware of the fact there is a man-in-the-middle (third player) who listens their communication. Since victims don’t have a clue that they don’t communicate with each other, but with an attacker that sits in the middle, they quickly pass most crucial information.

Info like bank account logins, social media logins, credit card numbers, or corporate emails can easily go in the hand of digital intruders. It is usually too late once the victims suspect something is wrong. The damage has done. In the corporate world, this usually means a loss of millions of dollars.

Very often MitM attack involves some other type of cyber attacks like phishing or social engineering. Unfortunately, there is a lot of “black hat” and hacking websites that offer step by step man-in-the-middle attack tutorials. The same websites offer MITM tools that novice hackers need to master to become successful cybercriminals. Tools (that are by the way very cheap) are used to grab all the traffic from client’s server and take over online communication.

Lines below demonstrate how MitM attack works.

Man In the Middle Attack Example

Let’s make it simple. Imagine this scenario.

You met a girl. You like her, and after a couple of dates, you want to impress her and express your sympathy. You decided to create a simple website, embed love song and a few photos from the last couple of days you spent together. Great way to say I AM IN LOVE WITH YOU you think. Thrilled and excited about a unique idea you bought a domain and hosting. After a few hours of designing you just need to publish everything and make it live before sending her URL to access little surprise.

However, you are not aware that your Wi-Fi signal is jeopardized because of unsecured router. There is a man in between. He has access to your email account. That awful man can “see” everything you do, and he is about to ruin your dreams.

Finally, you send her an email with URL that leads to a small surprise. Proud of yourself you are waiting for her reaction.

BOOM!

The reaction is not the one you were hoping for. Man in the middle changed URL in your email. Instead, to open your cute website, she opens a pornographic webpage with disgusting images. Damage is irreparable. It is too late to explain; you ruined it.

Now, imagine if the girl was a bank and the website was $10,000 you needed to transfer to the bank account or a business partner in Europe. Instead in a bank account, money could quickly end up in the hands of Ukraine hackers.

Now when you have a man in the middle attack real-life example in front of you, let see what techniques hackers use and what are common types of MitM attacks. The example above is a typical email hijacking.

Man in The Middle Attack Types

There are several types of a man-in-the-middle attack, all of them are equal deceptive and manipulative. Important to know is that attack is possible to do in two ways.

The first one, and mostly used is to attack using MitM tools or malware. This is also known as a man-in-the-browser attack (MITB).

Second is based on physical proximity to the victim. For instance, hacker and victim use the same free wireless access point set by a hacker at the airport, public library or another public place. Once the victim gets connected to the access point, its device is compromised.

Common to all MitM attacks are two carrying out phases, Interception and Decryption. When hackers gain control over the router in the home or office environment, they can easily intercept all data transmitted through the network. However, their job is not finished yet. Once they intercept communication, they need to encrypt data in order to read and efficiently manipulate data.

Here are several man-in-the-middle attacks types to be aware of.

1. Email Hijacking

This is one of the oldest types of MitM attacks. As the example above the hacker can breach into bank email accounts and hijack email conversation between client and bank. At the right moment, attackers spoof bank’s email and send malicious document containing their info and paying instructions to the client. Client follows instruction and instead to transfer money to the bank, he transfers to the hackers.

2. Session Hijacking

This attack is also known as cookies hijacking. Cookies are small pieces of data that include valuable information for accessing websites. For instance, our location or pre-filled forms, and stored browser passwords. If attackers can intercept and overtake session with the website and gain control over cookies in the browser, they can use them to easily access sensitive data like stored credit card number and login credentials. This way attackers can play with your identity.

3. HTTPS Spoofing

SSL spoofing doesn’t attack SSL itself. It attacks the transition from non-encrypted to encrypted communication. By installing the false certificate in victim’s browser, that has a piece of code that allows the certificate to connect with the malicious app; an attacker can access all data before it is sent to the app.

4. IP spoofing

IP spoofing is the most-used spoofing attack. Most known is Dos or Denial of Service attack, but in the case of MitM attack malicious attacker uses legit IP address to send malicious packets, and that way tricks the systems. The server allows the access to attacker causing many security threats.

5. DNS spoofing

DNS cache poisoning or spoofing is attacks when hackers exploit domain name server vulnerabilities, usually changing website’s address record, and drive away traffic from legit server to fake server or precisely attacker’s website. Try to access the legit website and you’ll be “redirected” to a fake website.

6. SSL stripping

SSL stripping is a way to regress HTTPS connection to HTTP. Hackers intercept TLS authentication file sent from the server to the client and make session exposed to their control and data manipulation. Instead of requested https://example.com user gets http://example.com.

7. Wi-Fi Eavesdropping

In this case, hackers set phony WI-FI access point using the legit name or name of some business or institution. If victim’s laptop is set to connect to strongest Wi-Fi signal out there, attackers can use the access point to add a laptop to their domain. This way all traffic from laptop to access point is under attacker’s control.

Man In The Middle Attack Prevention and Defense

Once you get tricked by an attacker, it’s almost impossible to regain the data or money. As with other computer and cyber-related issues, prevention is the key. No matter how smart and tricky attackers can be, you can be very successful with man-in-the-middle attack prevention.

Here are exact and proven tactics, or if you like measures against MitM attacks. Stick to them, and you shouldn’t be worried about malicious tech guys lurking behind the corner.

Get Educated

First and most important step to stop different types of cyber-attacks is to learn everything about possible threats. Many organizations and small businesses don’t pay attention when it comes to the education of employees about cybercrime. Your IT guys and administrators should organize workshops and explain to everyone in the company how phishing emails look, how to recognize suspicious email or attachments and don’t get fooled by attackers.

Stop Using Public Wi-Fi

In situations when you are out of the office or home but you need to work and get the job done use LTE connection from a mobile carrier. This is wireless tethering, this way you can send WI-FI signal from phone to laptop and create a personal Wi-Fi spot.

In any circumstances don’t use the public wireless network when you need to make an online order or in any other situation that requires to leave credit card information. In essence, avoid every connection that is not password protected.

Strong Encryption & Password Policy

Always set the strongest possible password for wired and Wi-Fi routers. Use strong WEP/WAP encryption that is impossible to break. Change password quarterly on every device connected to home or office network.

Always Logout

Don’t forget to log out from email or other personal applications when you don’t use them. Use computers in public places like coffee shops, libraries, school or other facilities only when you have to.

VPN

Any time you need to work and access files and folders from remote location use company virtual private network (VPN). Even when we are on vacation, there are a few things we need to care off. In similar situations, never use hotel’s WI-FI. Always connect remotely to business VPN, get the job done and disconnect from the virtual private network.

Force HTTPS

Don’t share credit card information or any other sensitive data on the websites which don’t utilize SSL certificates. Use internet browsers which send notifications about not secured connections. Those are Chrome and Mozilla. Always look for the small padlock icon in the URL bar. If the padlock is red, don’t leave personal info on that page.

Make Your IT System Rock Solid

If you are not familiar with the technical part of this article but you are aware that secure office network is essential to protect your data from breaching. Microsoft certified senior network engineers from Secure Networks ITC have knowledge and experience to design a safe IT environment immune to cyber-attacks. Get in touch today and let our experts take care of your online security.