Webroot: How to Protect Your Business from ‘Man in the Middle’ Cyberattacks
By Tyler Moffitt
The question in this edition’s “ask a security expert” comes to us from Steve Boulton, a technical account manager at Business Computer Solutions, who asks, “What is a man-in-the-middle attack?”
At the most basic level, man-in-the-middle (MITM) attacks are just a more advanced form of eavesdropping. But, despite their often-simplistic nature, they can pose a serious threat to you, your personal data and your business. Here’s some helpful information on what you should be on the lookout for when it comes to MITM attacks.
A MITM attack occurs when an outside party, most often a hacker, intercepts and/or alters communications between two systems. These attacks can take shape online in any number of ways. Whether you are using email or social media or simply browsing the internet, hackers can get between you and whatever system or person you’re interacting with to capture your data and information.
How MITM Attacks Work
Despite the relative simplicity behind the concept of MITM attacks, they’ve evolved throughout the years, with hackers developing a variety of ways to execute these spy-like attacks. Three of the most common types of MITM attacks are Wi-Fi interference, email hijacking and session hijacking.
- Wi-Fi Interference: A common tactic used in MITM attacks is Wi-Fi interference, where a hacker will use a wireless connection to eavesdrop on anyone who connects to the network, then gain access to a host of personal, financial or corporate information. Hackers set up a Wi-Fi connection and wait for their victims to click. This includes waiting for unsuspecting individuals to connect to a phony hotspot intentionally named to trick them into connecting. Once a device is connected to the hacker’s network, the hacker has access to all the information on the connected device.
- Email Hijacking: Another frequently used MITM attack vector is email hijacking. In this type of attack, hackers can single out their victims by targeting their email accounts. While high-profile corporations, financial institutions and banks are most often targeted in this type of MITM attack, anyone can fall victim.
Once attackers have access to their desired email account, they quietly monitor the correspondence and wait for an opportune moment to make their move. Jumping into a conversation around money transfers is common. Hackers will insert themselves into the email conversation at the precise moment, faking a company email and providing their own bank details so victims believe they are sending money to the legitimate company but are actually sending it straight into the hacker’s account.
- Session Hijacking: MITM attacks can also be conducted through session hijacking. When you log onto a website, a connection between your computer and the website is established, and hackers are able to hijack this session with the website. There are various ways they’re able to hijack the session, but one of the most common ways is by stealing browser cookies — you know, those things you “accept” every time you jump to a new website. Cookies can store all types of information, everything from online activity to login credentials to your location. Once hackers have access to these login cookies, they can very easily log into your accounts and wreak havoc.
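The session hijacking described above depends on a login cookie crossing the network where it can be captured. As an added example (not from the original article), the Python code below checks a site's response headers for the settings that keep session cookies off plain HTTP: the Secure and HttpOnly cookie attributes and the Strict-Transport-Security header. The function names and the sample headers are constructed for illustration.

```python
# Added example; the header values in SAMPLE are constructed, not captured from a real site.

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_enabled(value):
    """True if a Strict-Transport-Security value carries a max-age above zero."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0  # max-age=0 clears the policy
    return False

def audit_headers(headers):
    """headers: (name, value) pairs from one HTTPS response. Returns sorted findings."""
    findings, hsts = [], False
    for name, value in headers:
        lname = name.lower()  # header names are case-insensitive
        if lname == "strict-transport-security":
            hsts = hsts or hsts_enabled(value)
        elif lname == "set-cookie":
            cookie, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"{cookie}: no Secure attribute, also sent over plain HTTP")
            if "httponly" not in attrs:
                findings.append(f"{cookie}: no HttpOnly attribute, readable by page scripts")
    if not hsts:
        findings.append("response: no effective Strict-Transport-Security header")
    return sorted(findings)

SAMPLE = [  # constructed response headers
    ("Strict-Transport-Security", "max-age=0"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "prefs=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("set-cookie", "auth=xyz789; Secure"),
]

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
```

A cookie without Secure is sent by the browser on any plain-HTTP request to the same host, which is exactly the traffic someone on a shared Wi-Fi network can read.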
Protecting Yourself and Your Business from MITM Attacks
MITM attacks are sneaky; it’s in their nature. However, there are a number of ways that you can protect yourself, and your business, from falling prey to their stealth.
Individual users can take simple steps, such as paying close attention to whether a website is properly secured, logging out of applications when not in use and refraining from connecting to public Wi-Fi hotspots. By implementing cyberhygiene best practices, you can dramatically decrease your chances of falling victim to a MITM attack. And if you must connect to an unsecured Wi-Fi network, make sure you …