Man-In-The-Middle Attacks: A Rising Security Threat
Sep 25, 2019
Email security risks have become a growing threat to small and medium-sized businesses for the past decade as hackers are becoming increasingly savvy at gaining access to an organization’s database. In our previous article, Email Security Risks and Best Practices, we found that approximately 75% of phishing, malware, and ransomware attacks enter through email, primarily through the clicking of malicious links – and organizations are more likely to suffer a breach through these social attacks versus actual network vulnerabilities. We primarily highlighted prominent email security risks including phishing and Shadow IT, but in this article, we address the man-in-the-middle attack and illustrate how hackers use this strategy to target organizations of all sizes using email and other means of connection.
What is the Man-in-the-Middle (MitM) Attack?
The man-in-the-middle attack (MitM) occurs when a hacker, phisher, or anonymous proxy sets itself between the sender and the receiver of a communication, retrieving any unencrypted data being exchanged. The attacker can intercept communication between two systems, including email, social media, and websites, resulting in stolen information such as login credentials, personally identifiable information (PII), or financial information.
Johannes Ullrich, dean of research at SANS Technology Institute, states that MitM attacks can be easily automated, such as when a user downloads or updates applications. “There are tools to automate this that look for passwords and write it into a file whenever they see one or they look to wait for particular requests like for downloads to send malicious traffic back.”
IBM X-Force’s Threat Intelligence Index 2018 reports that 35 percent of exploitation activity involved attackers attempting to conduct MitM attacks, though such attacks still aren’t as easy to carry out as malware or ransomware.
Types of Man-in-the-Middle Attacks
Unfortunately, there are many different types of MitM attacks. Understanding what they are and how they work is the first line of defense in protecting your information. A common MitM attack uses WiFi: a hacker sets up a legitimate-sounding but unsecured WiFi network and waits for you to connect to it, resulting in access to your device. For example, when you’re out in public without service and want to connect to a hotel or restaurant’s WiFi that is unlocked and unsecured, that open network is perfect bait to reel you in. However, this isn’t the only method hackers use to access your private information. There are four types of attacks to be aware of when combatting MitM attacks.
ARP Spoofing
Address Resolution Protocol (ARP) is used to resolve IP addresses to physical media access control (MAC) addresses on a local area network. An attacker can pose as a host and answer ARP requests with their own MAC address. By doing so, they can intercept private traffic and extract valuable information while gaining full access to private accounts.
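The ARP poisoning pattern described above leaves a recognisable trace on the wire: one IP address suddenly answered by a second MAC, or one MAC answering for several hosts at once. The following is an added example (not code from the original article or from Secuvant) of the checks a defender can run over captured ARP replies; the tuple layout of the replies and the static inventory of critical hosts are assumptions constructed for the demo.

```python
"""Detection of ARP spoofing indicators from a list of observed ARP replies.

Added example, not from the original article. The reply format and the
inventory of known hosts are assumptions constructed for this demo.
"""
from collections import defaultdict

# Constructed sample of ARP replies as (seconds, sender_ip, sender_mac).
# The real gateway 10.0.0.1 answers from aa:bb:cc:00:00:01; at t=30 a
# second MAC starts answering for the gateway and for host .20, which
# is the pattern a poisoning attack leaves behind.
SAMPLE_ARP_REPLIES = [
    (0.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    (1.0, "10.0.0.20", "aa:bb:cc:00:00:20"),
    (2.0, "10.0.0.1", "aa:bb:cc:00:00:01"),
    (30.0, "10.0.0.1", "DE:AD:BE:EF:00:99"),
    (30.5, "10.0.0.20", "de:ad:be:ef:00:99"),
    (31.0, "10.0.0.1", "de:ad:be:ef:00:99"),
]

# Assumed static inventory of critical hosts (gateway, servers) whose
# IP-to-MAC binding should never change without a change ticket.
KNOWN_HOSTS = {"10.0.0.1": "aa:bb:cc:00:00:01"}


def find_ip_conflicts(replies):
    """Return {ip: [macs]} for every IP address claimed by more than one MAC."""
    claims = defaultdict(set)
    for _, ip, mac in replies:
        claims[ip].add(mac.lower())
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def find_inventory_mismatches(replies, known_hosts=KNOWN_HOSTS):
    """Return unique (ip, mac) pairs that contradict the static inventory."""
    mismatches = []
    for _, ip, mac in replies:
        expected = known_hosts.get(ip)
        if expected is not None and mac.lower() != expected.lower():
            pair = (ip, mac.lower())
            if pair not in mismatches:
                mismatches.append(pair)
    return mismatches


def find_multi_ip_macs(replies, threshold=2):
    """Return {mac: [ips]} for MACs answering for `threshold` or more distinct IPs.

    One MAC claiming both the gateway and a workstation is the classic
    signature of a device sitting between the two.
    """
    ips_per_mac = defaultdict(set)
    for _, ip, mac in replies:
        ips_per_mac[mac.lower()].add(ip)
    return {mac: sorted(ips) for mac, ips in ips_per_mac.items()
            if len(ips) >= threshold}


def arp_spoof_report(replies, known_hosts=KNOWN_HOSTS):
    """Bundle the three checks; a non-empty value in any field deserves a look."""
    return {
        "ip_conflicts": find_ip_conflicts(replies),
        "inventory_mismatches": find_inventory_mismatches(replies, known_hosts),
        "multi_ip_macs": find_multi_ip_macs(replies),
    }


if __name__ == "__main__":
    for name, finding in arp_spoof_report(SAMPLE_ARP_REPLIES).items():
        print(f"{name}: {finding}")
```

The inventory check is the most reliable of the three because it does not depend on seeing the legitimate reply first; the other two only fire once both the real and the impostor MAC have been observed, so they work best on a continuous capture rather than a one-off snapshot.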
DNS Spoofing
This type of attack happens when an attacker introduces corrupt DNS cache information. How does this happen? When a user attempts to access a host by its domain name, such as www.mybank.com, the poisoned record causes the user to send sensitive information to a malicious host instead. The user thinks the traffic is going to their trusted source but soon finds that private information has been put in the wrong hands.
mDNS Spoofing
mDNS (multicast DNS) spoofing is similar to DNS spoofing; however, it’s done on a local area network. This is an easy attack to carry out, since users don’t know what addresses their devices are communicating with, as resolution normally happens automatically. The attack can target devices such as printers, entertainment systems, and TVs. These devices store a local cache of addresses, so the attacker’s device will be seen as trusted for a period of time.
Rogue Access Point
Our earlier example of the unsafe WiFi network is an example of a Rogue Access Point MitM attack. This happens when a device auto-connects to the strongest access point; from there, attackers can manipulate all of the user’s traffic. However, a user doesn’t have to deliberately join an untrusted network for this to happen. It can occur whenever an attacker is close enough in physical proximity.
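Because devices auto-join the strongest access point carrying a known name, a rogue AP is usually visible in a scan as a familiar SSID advertised from a radio nobody in the organisation owns, often with weaker security and a stronger signal than the real ones. The following is an added example (not code from the original article or from Secuvant) of checks over a constructed scan result; the scan tuple layout and the inventory of legitimate access points are assumptions made for the demo.

```python
"""Spot rogue / evil-twin access points in a WiFi scan.

Added example, not from the original article. The scan tuple layout and the
inventory of the organisation's own access points are constructed assumptions.
"""
from collections import defaultdict

# Constructed scan results: (ssid, bssid, security, signal_dbm).
SAMPLE_SCAN = [
    ("HotelGuest", "f0:9f:c2:11:22:33", "WPA2", -60),
    ("HotelGuest", "f0:9f:c2:11:22:34", "WPA2", -65),
    ("HotelGuest", "02:11:22:33:44:55", "OPEN", -40),  # same name, no encryption, strongest signal
    ("CoffeeShop", "a4:2b:8c:aa:bb:cc", "OPEN", -70),
]

# Assumed inventory of legitimate BSSIDs for each SSID the organisation manages.
KNOWN_APS = {"HotelGuest": {"f0:9f:c2:11:22:33", "f0:9f:c2:11:22:34"}}


def is_locally_administered(bssid):
    """True when the U/L bit (0x02) of the first octet is set, meaning the MAC
    was chosen in software rather than assigned by a vendor; real APs normally
    carry vendor-assigned addresses."""
    first_octet = int(bssid.split(":")[0], 16)
    return bool(first_octet & 0x02)


def find_unknown_bssids(scan, known_aps=KNOWN_APS):
    """(ssid, bssid) pairs that advertise a managed SSID from an unrecognised radio."""
    return [(ssid, bssid) for ssid, bssid, _, _ in scan
            if ssid in known_aps and bssid.lower() not in known_aps[ssid]]


def find_security_mismatches(scan):
    """{ssid: [security types]} for names advertised with more than one security setting,
    e.g. a WPA2 network that suddenly also appears as an open one."""
    per_ssid = defaultdict(set)
    for ssid, _, security, _ in scan:
        per_ssid[ssid].add(security.upper())
    return {ssid: sorted(s) for ssid, s in per_ssid.items() if len(s) > 1}


def strongest_bssid(scan, ssid):
    """The BSSID a device auto-joining `ssid` would most likely pick (strongest signal)."""
    candidates = [(signal, bssid) for s, bssid, _, signal in scan if s == ssid]
    return max(candidates)[1] if candidates else None


def rogue_ap_report(scan, known_aps=KNOWN_APS):
    """Combine the checks into one report a wireless monitor could emit per scan."""
    unknown = find_unknown_bssids(scan, known_aps)
    return {
        "unknown_bssids": unknown,
        "locally_administered": [b for _, b in unknown if is_locally_administered(b)],
        "security_mismatches": find_security_mismatches(scan),
        "strongest_for_managed": {ssid: strongest_bssid(scan, ssid) for ssid in known_aps},
    }


if __name__ == "__main__":
    for name, finding in rogue_ap_report(SAMPLE_SCAN).items():
        print(f"{name}: {finding}")
```

In the constructed scan the impostor wins on every check: it is not in the inventory, its MAC is locally administered, it downgrades the SSID to open, and it is the strongest signal, so it is exactly the one an auto-joining client would pick. On the client side the matching mitigation is to disable auto-join for open networks and to prefer networks that authenticate the access point (WPA2/WPA3-Enterprise), which the prevention section below discusses.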
These methods of attacks may seem confusing and unlikely, but these attacks actually happen more often than you think. It’s important to be aware and as in control of your information as you can be. After you understand the different types of attacks and what each one can do, the next step is understanding how to prevent these attacks from happening in the first place. Luckily, we have put together some useful tips on man-in-the-middle attack prevention.
Man-in-the-Middle Attack Prevention
Unfortunately, no person or business is completely immune to cyber attacks. Sometimes they are downright unavoidable. This may seem alarming, but there are steps you can take to keep your sensitive information safe. At Secuvant, we’re here to help. The first step is learning and evaluating the best ways to protect against MitM attacks, which include:
- Utilize encryption for email communication
- Don’t connect to public WiFi
- Browse websites that are legitimate with an https and lock icon
- Use a VPN to ensure a secure connection
Another way to secure the transfer of data between systems is to use Authentication Certificates, which means only endpoints with properly configured certificates can access your systems and networks. Preventing MitM attacks may seem daunting, but these are easy precautions to take in protecting your important information. Our experts at Secuvant can help you safeguard your data and information. With experience and knowledge in cyber security services, we can assist you in the ongoing effort to protect your important information. Don’t let a man-in-the-middle attack happen to you!
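The "https and lock icon" advice and the authentication-certificate advice above are the same control seen from the client and server sides: the client must verify the server's certificate chain and hostname, and a server that wants only known endpoints must demand a client certificate in turn. The following is an added example (not code from the original article or from Secuvant) using Python's standard ssl module, showing the weak client configuration beside the hardened one and a mutual-TLS server context; the certificate file paths are assumptions and the contexts build without them for the demo.

```python
"""Client-side TLS verification and certificate-based endpoint authentication
with Python's standard ssl module.

Added example, not from the original article. File paths passed to
mutual_tls_server_context are assumed to exist in a real deployment; the
demo builds every context without them.
"""
import ssl


def insecure_client_context():
    """The weak setting: any certificate is accepted, so a middleman presenting
    its own certificate for www.mybank.com is trusted silently. Shown only
    for contrast with the hardened version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_file=None):
    """Verify the chain against trusted CAs and check the name on the certificate.

    create_default_context() already sets CERT_REQUIRED and check_hostname;
    ca_file is an optional private CA bundle, otherwise the system store is used.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def mutual_tls_server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server side of 'authentication certificates': only clients presenting a
    certificate signed by our CA can complete the handshake."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED   # reject clients without a valid cert
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file and key_file:            # assumed paths; skipped in the demo
        ctx.load_cert_chain(cert_file, key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
    return ctx


def client_context_is_safe(ctx):
    """Audit check: a client context resists MitM only if it verifies the chain
    AND the hostname and refuses protocol versions older than TLS 1.2."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED
            and bool(ctx.check_hostname)
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def server_requires_client_cert(ctx):
    """True when the handshake fails for any client that presents no certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED


if __name__ == "__main__":
    print("insecure client safe?", client_context_is_safe(insecure_client_context()))
    print("hardened client safe?", client_context_is_safe(hardened_client_context()))
    print("server demands client cert?",
          server_requires_client_cert(mutual_tls_server_context()))
```

Disabling hostname checking while leaving chain verification on is a common half-measure that still fails the audit function: the middleman can then present any validly issued certificate for some other name. The two settings only defend against a man-in-the-middle together.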
For more information on how to protect your organization from man-in-the-middle and other attacks, contact our cybersecurity professionals at firstname.lastname@example.org or 855-732-8826.