For companies of any size and the public sector
Cyberattacks have risen significantly within the last decade, with some of the worst attacks in history occurring within just the last few years. As powerful and beneficial as the internet is, it’s also home to some of the most dangerous threats businesses face in modern society.
The web has brought us all closer together, but in doing so, we’ve sacrificed our own data. Cybercriminals everywhere look for new and sophisticated ways to access that data to steal, copy or sell it. One of these methods is called a man-in-the-middle, or MITM attack.
In this guide, you’ll learn more about how to protect a business from a kind of cyberattack that can cost millions in potential damages. Many businesses and individuals don’t have millions of dollars to steal, but that doesn’t mean they aren’t at risk.
Man-in-the-middle attacks are especially problematic because they can occur in such a small time frame. An attack can take as little as 10-15 minutes, but the damage it causes can be both long-term and fatal to a business. With cybercrime estimated to cost the globe somewhere around $10 trillion by 2025, it’s time we all took our cybersecurity a bit more seriously.
The more you know about MITM attacks, the more you can protect your business.
A man-in-the-middle attack, or MITM, is a cyberattack in which a cybercriminal intercepts data sent between two businesses or people. The purpose of the interception is to steal, eavesdrop on, or modify the data for some malicious purpose, such as extorting money.
MITM attacks depend on manipulating existing networks or creating malicious networks the cybercriminal controls. The cybercriminal intercepts traffic and either lets it pass through, collecting information as it goes, or reroutes it somewhere else.
Cybercriminals essentially act as “middlemen” between the person sending information and the one receiving it, hence the name “man-in-the-middle attack”. These attacks are surprisingly common, especially on public WiFi. Since public WiFi is often unsecured, you can’t know who is monitoring or intercepting web traffic, since anyone can sign on.
There are several kinds of MITM attacks, making them some of the most versatile cyberthreats around today. These include:
Rogue Access Point
A rogue access point is a wireless access point that’s been installed on a legitimate network. This allows the cybercriminal to intercept or monitor incoming traffic, often rerouting it to a different network entirely to encourage malware downloads or extort the user.
IP spoofing reroutes traffic to an attacker’s website by forging the IP address in packet headers. The attacker “spoofs” the address so that they appear to be a legitimate application or website.
ARP spoofing links the attacker’s MAC address with the victim’s IP address on a local area network using forged ARP messages. Data the victim sends across the local area network is delivered to the cybercriminal’s MAC address instead, allowing the cybercriminal to intercept and manipulate it at will.
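The ARP behaviour described above leaves a footprint a defender can watch for: an IP address that suddenly maps to a different MAC, or one MAC answering for several IPs. The following is an added example, not code from the original guide, that replays a constructed list of ARP replies and raises alerts on both patterns; the sample addresses are invented for the demonstration.

```python
from collections import defaultdict

# Constructed sample ARP replies as (time, sender_ip, sender_mac); not a real capture.
# Entries 4 and 5 show a second MAC suddenly claiming the gateway and a workstation.
SAMPLE_ARP_REPLIES = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway announces itself
    (2, "192.168.1.50", "aa:bb:cc:00:00:50"),  # a workstation
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway again, unchanged
    (4, "192.168.1.1", "de:ad:be:ef:00:99"),   # gateway IP now tied to a new MAC
    (5, "192.168.1.50", "de:ad:be:ef:00:99"),  # same MAC also claims the workstation
]


def detect_arp_spoofing(replies, trusted=None):
    """Replay ARP replies and return a list of alert tuples.

    replies: iterable of (time, ip, mac).
    trusted: optional {ip: mac} of statically known hosts (e.g. the gateway).
    Alerts are ("ip_remapped", time, ip, old_mac, new_mac) when an IP switches
    MAC, and ("mac_claims_many", time, mac, ips) when one MAC answers for
    several IPs, the usual footprint of an attacker posing as both ends.
    """
    table = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in table.items():
        ips_by_mac[mac].add(ip)
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append(("ip_remapped", ts, ip, known, mac))
            ips_by_mac[known].discard(ip)  # old owner no longer holds this IP
        table[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append(("mac_claims_many", ts, mac, tuple(sorted(ips_by_mac[mac]))))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```

Seeding `trusted` with the gateway's real MAC catches the most common case, an attacker impersonating the gateway, from the very first forged reply.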
In DNS spoofing, the cybercriminal gains access to a website’s DNS server and modifies the site’s address record. The altered DNS record reroutes incoming traffic to the cybercriminal’s website instead.
In HTTPS spoofing, when a user connects to a secure site with the https:// prefix, the cybercriminal presents a forged security certificate to the browser. This “spoofs” the browser into treating the connection as secure, when in fact the cybercriminal is intercepting and possibly rerouting data.
Cybercriminals use session hijacking to take control of a web or application session. Hijacking expels the legitimate user from the session, effectively leaving the cybercriminal logged into the app or website account until they have gathered the information they want.
In packet injection, the cybercriminal crafts packets that look normal and injects them into an established network to access and monitor traffic or launch DDoS attacks.
In SSL stripping, the cybercriminal intercepts the TLS connection to an application or website and downgrades it so the site loads over an unsecured HTTP connection instead of HTTPS. This makes the user’s session viewable by the cybercriminal and exposes sensitive information.
This method involves “spoofing” a secure site’s address so that the victim navigates to it. Cybercriminals hijack communication between the victim and the web server of the site they want to reach, disguising a malicious site under the legitimate site’s URL.
One of the most common MITM methods is eavesdropping on public WiFi. Public WiFi is often unsecured, so cybercriminals can observe web traffic from any device connected to the network and harvest information as they please.
Stealing Browser Cookies
Cookies are useful bits of website information that the sites you visit store on your devices. These are useful for remembering web activity and logins, but cybercriminals can steal them to gain that information and use them for malicious purposes.
Sniffing attacks monitor traffic to steal information. Sniffing is performed with an application or hardware and exposes the victim’s web traffic to the cybercriminal.
Detecting a MITM attack can help a business or individual mitigate the potential damage a cybercriminal can cause. Here are some methods of detection:
Analyze strange web addresses
Unexpected disconnections and network delays
Monitor public WiFi
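The first detection method, analyzing strange web addresses, can be partly automated. The following is an added example, not code from the original guide, that scores a URL against a constructed allow-list of a business’s legitimate hosts and reports the signs tied to the attacks above: plain HTTP where HTTPS is expected (SSL stripping), punycode labels and near-miss spellings (spoofed addresses), a legitimate name buried inside another domain, and raw IP or userinfo tricks. The host names and the two-character lookalike threshold are assumptions for the demonstration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allow-list of hosts a business expects its users to reach over HTTPS.
LEGITIMATE_HOSTS = {"example-bank.com", "login.example-bank.com"}


def _edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _registrable(host):
    """Crude 'domain.tld' view of a host; sufficient for this demonstration."""
    return ".".join(host.split(".")[-2:])


def analyze_url(url, legitimate_hosts=LEGITIMATE_HOSTS):
    """Return the reasons a URL looks like MITM or spoofing activity (empty if clean)."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        host = host.encode("idna").decode("ascii")  # unicode hosts become xn-- labels
    except UnicodeError:
        reasons.append("hostname cannot be IDNA-encoded")
    if parts.scheme == "http" and host in legitimate_hosts:
        reasons.append("plain HTTP to a host that should be HTTPS (possible SSL stripping)")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label; check for a homograph lookalike")
    try:
        ipaddress.ip_address(host)
        reasons.append("raw IP address instead of a hostname")
    except ValueError:
        pass
    if "@" in parts.netloc:
        reasons.append("userinfo before '@' can disguise the real host")
    for legit in legitimate_hosts:
        if legit in host and host != legit and not host.endswith("." + legit):
            reasons.append(f"legitimate name '{legit}' embedded in another domain")
            break
    mine = _registrable(host)
    for legit_reg in {_registrable(h) for h in legitimate_hosts}:
        if mine != legit_reg and _edit_distance(mine, legit_reg) <= 2:
            reasons.append(f"lookalike of {legit_reg}")
            break
    return reasons
```

Run it over proxy or browser-history URLs; a non-empty result is a prompt to inspect the session, not a verdict on its own.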
Preventing man-in-the-middle attacks can save businesses thousands in damages and keep their web and public identities intact. Here are some essential tools to help prevent MITM attacks:
Enterprise Password Management (EPM) Platform
In 2017, Equifax came under attack from cybercriminals, who were able to exploit an HTTP error to intercept traffic to the Equifax servers. The vulnerability was swiftly addressed by the company, but the incident shows the severity of a MITM attack. Thousands, if not millions, of personal records could have been exposed or stolen.
A Chinese venture capital firm and an Israeli startup were the victims of a serious MITM attack where around $1MM in startup funds were stolen. The cybercriminals intercepted email communications between the two firms and rerouted seed money for the startup to their own accounts.