Man-In-The-Middle Attacks: A Rising Security Threat
Feb 20, 2019
Email security risks have become a growing threat to small and medium-sized businesses for the past decade as hackers are becoming increasingly savvy at gaining access to an organization’s database. In our previous article Email Security Risks and Best Practices, we found that approximately 75% of phishing, malware, and ransomware attacks enter through email, primarily through the clicking of malicious links – and organizations are more likely to suffer a breach through these social attacks versus actual network vulnerabilities. We primarily highlighted prominent email security risks including phishing and Shadow IT, but in this article, we address the Man-in-the-Middle attack and illustrate how hackers use this strategy to target organizations of all sizes using email and other means of connection.
What is the Man-in-the-Middle (MitM) attack?
The man-in-the-middle attack (MitM) occurs when a hacker, phisher, or anonymous proxy set themselves in the middle of the sender and receiver of the communication, retrieving any unencrypted data and information being communicated. They can intercept any communication between two systems including, email, social media, websites, etc. – resulting in stolen information including login credentials, personally identifiable information (PII), or financial information. Another common MitM attack is through the use of WiFi where a hacker will set up a legitimate sounding, but unsecured WiFi name and wait for you to connect to it, resulting in access to your device. An example of this type of attack is when you’re out in public without service and would like to connect to a hotel or restaurant’s WiFi account that is unlocked and unsecured, posing as perfect bait to reel you in and connect to your device.
Johannes Ullrich, dean of research at SANS Technology Institute, states that MitM attacks can be easily automated, such as when an attacker downloads or updates applications. “There are tools to automate this that look for passwords and write it into a file whenever they see one or they look to wait for particular requests like for downloads to send malicious traffic back.”
IBM X-Force’s Threat Intelligence Index 2018 says that 35 percent of exploitation activity involved attackers attempting to conduct MitM attacks, but still aren’t as easy to conduct as opposed to malware or ransomware.
How to Protect Against MitM Attacks?
The best way to protect against MITM attacks is to utilize encryption for email communication, don’t connect to public WiFi, browse websites that are legitimate with an https and lock icon, or use a VPN to ensure a secure connection. Another way to secure the transfer of data between systems is to use Authentication Certificates, which means only endpoints with properly configured certificates can access your systems and networks.
For more information on how to protect your organization from DoS and DDoS attacks, contact our cybersecurity professionals at firstname.lastname@example.org or 855-732-8826.