Those spy-like eavesdropping efforts can steal your data and redirect your money.

September 9, 2019


By Tyler Moffitt


The question in this edition’s “ask a security expert” comes to us from Steve Boulton, a technical account manager at Business Computer Solutions, who asks, “What is a man-in-the-middle attack?”

At the most basic level, man-in-the-middle (MITM) attacks are just a more advanced form of eavesdropping. But, despite their often-simplistic nature, they can pose a serious threat to you, your personal data and your business. Here’s some helpful information on what you should be on the lookout for when it comes to MITM attacks.

A MITM attack is when an outside party, most often a hacker, secretly intercepts and/or alters communications between two systems that believe they are talking directly to each other. These attacks can take shape online in any number of ways. From email to social media to simply browsing the internet, hackers can get between you and whatever system or person you’re interacting with to capture, and sometimes change, the data passing between you.

How MITM Attacks Work

Despite the relative simplicity behind the concept of MITM attacks, they’ve evolved throughout the years, with hackers developing a variety of ways to execute these spy-like attacks. Three of the most common types of MITM attacks include Wi-Fi interference, email hijacking and session hijacking.

  • Wi-Fi Interference: A common MITM tactic is a rogue wireless access point (often called an “evil twin”). The hacker sets up a hotspot, usually named to look like the coffee shop, hotel or office network people expect to see, and waits for victims to connect. Because the attacker controls the network, every packet a connected device sends passes through equipment they own: anything transmitted in the clear, such as a login to a plain-HTTP site, can be read or altered, and the attacker can try to strip or downgrade encrypted connections. Connecting does not by itself hand over the files stored on the device, but it does expose everything the device sends unprotected for as long as it stays on that network, including personal, financial and corporate information.

  • Email Hijacking: Another frequently used MITM attack vector is email hijacking. In this type of attack, hackers can single out their victims by targeting their email accounts. While high-profile corporations, financial institutions and banks are most often targeted in this type of MITM attack, anyone can fall victim.

Once attackers have access to their desired email account, they quietly monitor the correspondence and wait for an opportune moment to make their move. Jumping into a conversation around money transfers is common. Hackers will insert themselves into the email conversation at the precise moment, faking a company email and providing their own bank details so victims believe they are sending money to the legitimate company but are actually sending it straight into the hacker’s account.

  • Session Hijacking: MITM attacks can also be conducted through session hijacking. When you log in to a website, the site establishes a session with your browser and hands it a session cookie: a token that, on every later request, proves you have already authenticated. Hackers have various ways to hijack that session, but one of the most common is stealing the cookie itself, whether off an unencrypted network, through malware on the device or via a flaw in the site. Cookies can hold all sorts of information, from browsing activity and preferences to the session token, and whoever presents a valid session cookie is treated as you, no password required. Once hackers have a live login cookie, they can very easily act inside your accounts and wreak havoc.
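On a shared network, the usual way for an attacker to get “between” a victim and the gateway is ARP cache poisoning: the attacker answers ARP requests with their own MAC address for the gateway’s IP, so the victim’s traffic is delivered to the attacker first and only then forwarded. The following is an added example, not code from the original article, showing the classic detection for this (the approach tools such as arpwatch use): parse ARP replies and alert when an IP address suddenly maps to a different MAC. It generalizes beyond the rogue-hotspot case to any shared LAN. The frames, MAC and IP addresses are constructed here for the demonstration; in practice the frames would come from a raw socket or a packet capture.

```python
import struct

ETH_P_ARP = 0x0806
ARP_FORMAT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, opcode, smac, sip, tmac, tip


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a raw Ethernet frame carrying an ARP reply (used to construct test input)."""
    eth = struct.pack("!6s6sH", target_mac, sender_mac, ETH_P_ARP)
    arp = struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, 2,   # Ethernet, IPv4, opcode 2 = reply
                      sender_mac, sender_ip, target_mac, target_ip)
    return eth + arp


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _htype, _ptype, _hlen, _plen, opcode, smac, sip, _tmac, _tip = struct.unpack(
        ARP_FORMAT, frame[14:42])
    return opcode, smac, sip


def fmt_mac(mac):
    return ":".join(f"{b:02x}" for b in mac)


def fmt_ip(ip):
    return ".".join(str(b) for b in ip)


class ArpWatch:
    """Remember the first MAC seen for each IP and alert when a reply claims a different one."""

    def __init__(self):
        self.table = {}   # ip bytes -> mac bytes

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return None
        opcode, mac, ip = parsed
        if opcode != 2:           # only replies bind an IP to a MAC in this detector
            return None
        known = self.table.setdefault(ip, mac)
        if known != mac:
            return (f"ALERT {fmt_ip(ip)} changed from {fmt_mac(known)} to {fmt_mac(mac)}: "
                    "possible ARP spoofing")
        return None


def demo():
    """Constructed traffic: the real gateway answers, then an attacker claims its IP."""
    gateway_ip = bytes([192, 168, 1, 1])
    gateway_mac = bytes.fromhex("001122334455")
    victim_ip = bytes([192, 168, 1, 20])
    victim_mac = bytes.fromhex("66778899aabb")
    attacker_mac = bytes.fromhex("deadbeef0001")

    frames = [
        build_arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip),   # legitimate
        build_arp_reply(gateway_mac, gateway_ip, victim_mac, victim_ip),   # repeat, still fine
        build_arp_reply(attacker_mac, gateway_ip, victim_mac, victim_ip),  # poisoning attempt
    ]
    watch = ArpWatch()
    return [alert for alert in map(watch.observe, frames) if alert]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A detector like this produces false positives when a MAC legitimately changes (a replaced router, DHCP reassignments, failover pairs sharing an IP), so real deployments keep a baseline and alert on changes rather than blocking outright.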

Protecting Yourself and Your Business from MITM Attacks

MITM attacks are sneaky; it’s in their nature. However, there are a number of ways that you can protect yourself, and your business, from falling prey to their stealth.

Individual users can take simple steps, such as checking that a website is served over HTTPS with a valid certificate (and never clicking through a certificate warning), logging out of applications when not in use, and avoiding public Wi-Fi hotspots. By following these cyberhygiene basics you can dramatically decrease your chances of falling victim to a MITM attack. And if you must connect to an unsecured Wi-Fi network, make sure you encrypt your traffic by using a virtual private network (VPN). Keep in mind that a VPN protects the hop between you and the VPN provider; it does not replace HTTPS to the sites you visit.
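To make the cookie-theft mechanism concrete, here is an added example (not code from the original article) of a minimal server-side session store together with the cookie attributes a site should set. It shows a stolen session token being replayed successfully, and the same token failing after the user logs out or the session times out, which is why “log out when not in use” is a real mitigation and not folklore. The store, user names, timestamps and the 15-minute lifetime are assumptions made for this example.

```python
import http.cookies
import secrets
import time


class SessionStore:
    """Server-side session table keyed by an opaque, unguessable token."""

    def __init__(self, ttl_seconds=900):
        self.ttl = ttl_seconds
        self._sessions = {}   # token -> (username, expiry timestamp)

    def login(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)          # 256 bits of randomness
        self._sessions[token] = (username, now + self.ttl)
        return token

    def logout(self, token):
        # Invalidate on the server: any copy of the cookie elsewhere is now worthless.
        self._sessions.pop(token, None)

    def user_for(self, token, now=None):
        """Whoever presents a live token is treated as that user: this is the hijack."""
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if now > expiry:
            self._sessions.pop(token, None)
            return None
        return username


def set_cookie_header(token):
    """Set-Cookie line with the attributes that limit where the token can leak."""
    jar = http.cookies.SimpleCookie()
    jar["session"] = token
    jar["session"]["secure"] = True        # never sent over plaintext HTTP
    jar["session"]["httponly"] = True      # not readable by page JavaScript
    jar["session"]["samesite"] = "Strict"  # not attached to cross-site requests
    jar["session"]["path"] = "/"
    return jar.output(header="Set-Cookie:").strip()


def token_from_cookie_header(cookie_value):
    """Parse the Cookie request header value the browser (or an attacker) sends back."""
    jar = http.cookies.SimpleCookie()
    jar.load(cookie_value)
    return jar["session"].value if "session" in jar else None


def hijack_demo():
    """Constructed timeline: login, replay of a stolen cookie, logout, replay again."""
    store = SessionStore(ttl_seconds=900)
    t0 = 1_700_000_000.0                                    # fixed clock for the example

    token = store.login("alice", now=t0)
    stolen = token_from_cookie_header(f"session={token}")   # copied off the wire

    before_logout = store.user_for(stolen, now=t0 + 60)     # attacker is now "alice"
    store.logout(token)                                     # victim logs out
    after_logout = store.user_for(stolen, now=t0 + 120)     # replay now fails

    idle = store.login("bob", now=t0)                       # never logged out...
    expired = store.user_for(idle, now=t0 + 901)            # ...but past the 15-minute TTL
    return before_logout, after_logout, expired


if __name__ == "__main__":
    print(set_cookie_header("example-token"))
    print(hijack_demo())
```

The Secure flag is what keeps the token away from a rogue hotspot: the browser will not attach it to a plain-HTTP request, so there is nothing to sniff. HttpOnly and a short server-side lifetime limit the damage when a token does leak.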

Businesses can help prevent MITM attacks by deploying strong encryption and authentication. Transport Layer Security (TLS) secures the connection between two communicating applications, and Hypertext Transfer Protocol Secure (HTTPS) is simply HTTP carried over TLS. Together they provide encryption, so an eavesdropper cannot read the traffic, and authentication, so the browser can verify that it is talking to the genuine site and not an impostor. Both properties are needed: encryption alone does not help if the attacker can pass off their own key or certificate as the server’s, which is why clients must validate certificates rather than click through warnings. It’s also vital that wireless access points use effective encryption (WPA2 or WPA3 with a strong passphrase) to prevent unwanted users from joining, or forcing themselves into, the network.
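The point that encryption without authentication does not stop a MITM is easiest to see in a small protocol model. The following added example (not code from the original article) runs an unauthenticated Diffie-Hellman key exchange with Mallory relaying both sides, showing she ends up holding a key with each party and can read and rewrite the “encrypted” message; it then adds an authenticator to Bob’s handshake value that Mallory cannot forge, so her substituted value is rejected. Everything here is a deliberate simplification: the DH group is a toy one, the XOR stream cipher stands in for an AEAD such as AES-GCM, and an HMAC under a long-term secret only Bob holds stands in for the certificate signature TLS actually verifies. The messages and account numbers are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters so the example runs instantly. Far too small for
# real use: TLS uses 2048-bit-or-larger groups or elliptic curves.
P = 2**127 - 1     # Mersenne prime
G = 5


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 32-byte key from the shared DH value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def stream_crypt(key, data):
    """Toy XOR stream cipher (stand-in for AES-GCM); the same call encrypts and decrypts."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def unauthenticated_exchange(alice_plaintext, mallory_replacement):
    """Plain DH with Mallory relaying: she ends up holding a key with each side."""
    a_priv, a_pub = dh_keypair()          # Alice
    b_priv, b_pub = dh_keypair()          # Bob
    m_priv, m_pub = dh_keypair()          # Mallory

    # Mallory forwards her own public value in both directions.
    k_alice = session_key(a_priv, m_pub)  # Alice believes m_pub came from Bob
    k_bob = session_key(b_priv, m_pub)    # Bob believes m_pub came from Alice
    k_m_alice = session_key(m_priv, a_pub)
    k_m_bob = session_key(m_priv, b_pub)

    wire = stream_crypt(k_alice, alice_plaintext)            # Alice -> "Bob"
    seen = stream_crypt(k_m_alice, wire)                     # Mallory reads it
    forwarded = stream_crypt(k_m_bob, mallory_replacement)   # and sends her own version
    received = stream_crypt(k_bob, forwarded)                # Bob decrypts without complaint
    return seen, received


# Stand-in for Bob's certificate: a long-term secret only Bob holds. In TLS the
# equivalent check is a signature verified against a CA-issued certificate.
BOB_LONG_TERM_KEY = secrets.token_bytes(32)


def authenticate(pub):
    return hmac.new(BOB_LONG_TERM_KEY, pub.to_bytes(16, "big"), hashlib.sha256).digest()


def verify(pub, tag):
    return hmac.compare_digest(authenticate(pub), tag)


def authenticated_exchange():
    """Same relay, but Bob's DH value carries an authenticator Mallory cannot forge."""
    _b_priv, b_pub = dh_keypair()
    _m_priv, m_pub = dh_keypair()
    genuine = (b_pub, authenticate(b_pub))
    substituted = (m_pub, genuine[1])     # Mallory swaps the value but must reuse Bob's tag
    return verify(*substituted), verify(*genuine)


if __name__ == "__main__":
    seen, got = unauthenticated_exchange(b"pay 100 to acct 1111", b"pay 100 to acct 9999")
    print("Mallory read:", seen, "| Bob received:", got)
    print("Handshake accepts Mallory's substituted value:", authenticated_exchange()[0])
```

Alice should abort the moment the authenticator fails; the browser equivalent is the certificate warning, which is why clicking through one reopens exactly the hole the handshake was closing.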

Evolving MITM Attacks

As more devices become internet enabled, the MITM attack landscape will continue to evolve dramatically. With internet-enabled cars, fridges and even hair straighteners, hackers have never had more opportunity to insert themselves between you and the wireless systems you connect to.

Just as we experiment with these new technological advances, so, too, are hackers. MITM attacks are a real threat, and as we continue to embed internet-enabled technology into almost every facet of our lives, MITM attacks will remain a threat to watch.

Tyler Moffitt is a senior threat research analyst at Webroot who is immersed in the world of malware and antimalware. He focuses on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs and testing in-house tools. Follow Tyler on Twitter @Webroot or on LinkedIn.
