‘Man In The Middle’ Attacks
Man in the Middle (MITM) attacks are becoming increasingly prevalent. Alongside phishing, it is one of the most common and effective forms of cybercrime today. A MITM attack is when a malicious actor inserts themselves into a conversation between two parties, intercepts the communications between them, even modifying them to suit their intents.
They can take place at varying levels of sophistication. In the simplest of terms, a man in the middle is like a rogue mailman in between two people writing letters to one another. If the mailman were inclined, he could snoop on their correspondence, stealing their details and even going so far as to rewrite the letters and manipulate the receivers.
Variations of the Man in the Middle Attack
There are various different types of Man in the Middle attacks, but there are a number of commonalities between them all. First of all, they all involve the eavesdropping on or manipulations of communications on a particular level. This can range from your emails with a customer to your usage of a website.
Secondly, there often has to be a prior security breach for the attacker to establish themselves “in the middle” of the communications. This is positive for businesses because it means that if you take the correct steps to protect yourself from these breaches, you are far less likely to fall victim to a MITM attack. Let’s take a look at some of the common types of MITM.
Email Hijacking
What is it?
Attackers can hijack email accounts and log in to eavesdrop on communications or use your trusted status to deceive further victims.
How does it happen?
Attackers need access to your email account. They can acquire this by a number of means; your email address is probably in the public domain, so all attackers need to do is match that with your password, which they can acquire in a number of ways. If you have a weak password (qwerty123, password1, your name, etc) they will be able to guess it. They may steal it through phishing – see our separate article on that here.
What are the consequences?
If your email account is hijacked, the consequences can be severe. It can be undiscoverable, and the attacker can lay in wait, monitoring the emails to and from the account until they assess a high-value target to strike. One common tactic is changing the account details on invoices sent out via email – so when your customers pay for goods, the money goes to the cybercriminals’ account. Consider the financial damage you could suffer. Furthermore, the reputational damage can be catastrophic – no one will want to do business with a company that cannot even ensure the security of its employee email accounts.
How can I prevent it?
Make sure you have a strong password policy in place. That way you’ll be far less likely to have email passwords cracked or even guessed. Beware of phishing emails that request you to enter your login details for any account. Following simple yet effective good practice like this can drastically reduce your chances of becoming a victim of MITM email hijacking.
WiFi Eavesdropping
What is it?
WiFi is not secured by default. This means that on public networks, such as those in coffee shops, or department stores, the information you send over the Internet could be spied on by third parties. On private networks, encryption can be turned on, but even then, if someone on your network was so inclined, they could eavesdrop on your WiFi traffic.
How does it happen?
If you connect to public Wi-Fi networks, attackers can eavesdrop on a lot of what you do quite easily. There are professionally-made tools that allow even the most unskilled of criminals to snoop on your communications.
What are the consequences?
The information you send over the Internet can be intercepted and read by attackers. This includes login details, passwords, and in some instances, even accounts that you are logged into at the time of browsing. This means that if you were logged into your email or social media accounts, attackers could hijack that session without even needing a password.
How can I prevent it?
If you really must use public Wi-Fi networks, use a VPN to keep your traffic secure. Ensure that when browsing the web, URLs begin with https and not HTTP – especially on websites where you are required to enter personally identifiable information or passwords.
Man In The Browser Attacks
What is it?
It is malware that infects your web browser and exploits security vulnerabilities to modify browser content, including web pages and transactions, as well as having the potential to insert additional transactions.
How does it happen?
Like other types of Man in the Middle attacks, you need to give the attacker a way in. A Man in the Browser is a type of malware called a Trojan, which will infiltrate your browser and remain hidden. They make their way onto your PCs via downloads from phishing emails and illicit websites.
What are the consequences?
Clearly, the consequences can be quite severe, particularly as MITBs are hidden from both the users and the browser. If, for example, you were paying a customer via online banking, the attacker would allow you to input the amount you were paying, and the details of the destination account. Then, they could modify the destination to their own after you click “send,” and the bank will receive the altered instructions, unbeknownst to both the payee and the bank.
How can I prevent it?
You need to have up to date anti-virus software installed on your PC. This can help detect malware on your computers. You also need to beware of phishing emails that encourage you to follow hyperlinks or download attachments – these could well be vehicles for getting the malware onto your PCs. Finally, you may want to consider a web filtering service to control which sites your employees can access at work, to ensure that no one mistakenly ventures onto a malicious website designed to ship the Trojans onto your machines.
Protect Your Business from Man in the Middle attacks
There is a clear trend in MITM attacks: they target vulnerable Internet users, financial transactions, and sensitive information.
But it isn’t all bad news – there is a clear pattern as to how to protect yourself from each different type of attack too. It starts with prevention – you can significantly lessen the chances of falling victim to each kind of attack by educating yourself and your staff on the threat of phishing emails. This will aid in thwarting attackers at establishing themselves or their malware “in the middle.”
You need to adhere to best practice. This means using a Virtual Private Network when using public Wi-Fi or accessing your office resources remotely. This will encrypt your traffic and ensure that it is far more difficult for criminals to snoop on it.
You need to ensure you have invested in the appropriate levels of protection for your business. As the threats arrayed against companies evolve, it is irresponsible not to take measures to protect your company. Firewalls, email and web filtering, and anti-virus are just some of the essential software components in this day and age. Educating your staff is a great first step towards security, but with the sophistication of threats these days, it is not enough to rely on your people anymore.
How Can Neuways Help Me?
Neuways offer a range of award-winning, industry-leading products that can help in protecting your business from ‘man in the middle’ attacks. Anti-spam can help catch phishing emails before they make it to your employee’s inboxes. Web filtering can help you provide safe Internet access to your people. We can offer encryption to stop attackers from spying on your data in transit. Firewalls can stop intrusions into your network.
Did you know that only 67% of successful cyber-attacks, such as MITMs, are noticed immediately? 23% are noticed within 24 hours, and it takes 7% of victims a week to notice the damage. Consider the amount of damage an attacker could do to your business, given 24 hours. Neuways can help secure and monitor your network and ensure any threat is dealt with promptly.
Neuways has a number of close partnerships with industry-leading security software providers, including backup, servers, disaster recovery, antispam and more. By working closely with these partner companies, we are able to ensure that all our technicians are highly trained in each of these areas, ready to recommend, install and support the correct solution for our customers.
