Keeping data, especially cloud data, secure from breach or theft is a real task. Among cyber threats, the Man-in-the-Middle attack (MiTM) is considered one of the most common and dangerous. Although one of the more passive techniques, it yields information simply by intercepting and manipulating network traffic, and freely available hacking tools help attackers set up their traps. It requires only three ingredients – a targeted user, a legitimate-seeming entity (website, database, institution), and the criminal who intercepts the communication.

MiTM is an active form of eavesdropping in which bad actors insert themselves between two parties, listening in on private exchanges that might include email addresses, bank account details, or other sensitive information. In 2020, Google blocked mixed content downloads, files delivered over an insecure HTTP connection when initiated from an HTTPS website, because ‘they are a risk to a user’s security and privacy as they could be swapped out or viewed in man-in-the-middle (MiTM) attacks.’

Recent incidents have involved attackers setting up an unsecured public Wi-Fi network and waiting for victims to connect. Many techniques have been developed to conduct MiTM attacks – Email Hijacking, Session Hijacking, Wi-Fi Eavesdropping, IP/DNS/HTTPS Spoofing, SSL Hijacking, Browser Cookie Theft, ARP/mDNS Spoofing, and Rogue Access Points.

Signs and Symptoms of MiTM

Detecting a MiTM attack in progress is tricky. There may be a few red flags, but you can never be sure what is happening in the background. Still, you can help your team stay alert to these signs:

  • Make sure URLs start with ‘HTTPS’ and not ‘HTTP’. Hackers can gain access to your internet connection and the traffic coming from your device; they then only need to trick you into handing over the information they want.
  • Repeated disconnections and interruptions in an application are a sign of something fishy going on in the background of your network.
  • Unknown addresses in the URL, or intrusive pop-ups that the criminal may have inserted as part of their MiTM attack.
  • Unexplained delays in loading pages or applications can indicate that a MiTM attack is underway.
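The red flags above are what a user notices. On the network side, one of the techniques listed earlier, ARP spoofing, leaves a measurable trace that a defender can check for: the gateway's IP address suddenly resolves to a different MAC address, or one MAC address starts answering for several IPs. The script below is an added example written for this article, not code from the original page or from National Security Services Group; it parses two constructed ARP-table snapshots in the style of `arp -a` output (the hostnames, IPs and MAC addresses are made up) and raises an alert when either symptom appears.

```python
import re
from collections import defaultdict

# Constructed sample snapshots in the style of `arp -a` on Linux.
# These were not captured from a real host; addresses are made up.
SNAPSHOT_BEFORE = """\
gateway (192.168.1.1) at aa:bb:cc:00:00:01 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on eth0
nas (192.168.1.30) at aa:bb:cc:00:00:30 [ether] on eth0
"""

# Same network a few minutes later: the gateway's MAC has changed, and the
# new MAC is also claimed by an unknown host (the classic ARP-spoof pattern).
SNAPSHOT_AFTER = """\
gateway (192.168.1.1) at de:ad:be:ef:00:99 [ether] on eth0
printer (192.168.1.20) at aa:bb:cc:00:00:20 [ether] on eth0
nas (192.168.1.30) at aa:bb:cc:00:00:30 [ether] on eth0
? (192.168.1.77) at de:ad:be:ef:00:99 [ether] on eth0
"""

# Matches "(ip) at mac" in an arp -a line; incomplete entries have no MAC and are skipped.
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-f:]{17})", re.I)


def parse_arp_table(text):
    """Return {ip: mac} parsed from `arp -a` style output."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table


def find_mac_changes(before, after):
    """IPs whose MAC changed between two snapshots, as (ip, old_mac, new_mac)."""
    return [(ip, before[ip], after[ip])
            for ip in before if ip in after and before[ip] != after[ip]]


def find_shared_macs(table):
    """MACs that answer for more than one IP, as {mac: [ips]}."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def arp_spoof_alerts(before_text, after_text, gateway_ip):
    """Compare two snapshots and return human-readable alerts.

    Anything touching the gateway is rated HIGH, because a spoofed gateway
    lets the attacker see all traffic leaving the subnet.
    """
    before = parse_arp_table(before_text)
    after = parse_arp_table(after_text)
    alerts = []
    for ip, old, new in find_mac_changes(before, after):
        sev = "HIGH" if ip == gateway_ip else "MEDIUM"
        alerts.append(f"{sev}: MAC for {ip} changed {old} -> {new}")
    for mac, ips in find_shared_macs(after).items():
        sev = "HIGH" if gateway_ip in ips else "MEDIUM"
        alerts.append(f"{sev}: MAC {mac} claimed by {', '.join(ips)}")
    return alerts


if __name__ == "__main__":
    for alert in arp_spoof_alerts(SNAPSHOT_BEFORE, SNAPSHOT_AFTER, "192.168.1.1"):
        print(alert)
```

In practice you would feed `arp_spoof_alerts` the output of `arp -a` taken at intervals (or from several hosts) rather than the embedded samples; a MAC change on the gateway entry is the finding worth investigating first, since it matches the "unexplained delays" and "repeated disconnections" symptoms above.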

Prevention is better than the cure

Enterprises are working to bolster their preventive techniques and minimize MiTM attacks by using the best software tools available. If we have learned anything over the last decade, it is that simply trying to stop attackers from getting into systems is futile; that only stops low-level attacks. For the advanced attacks that businesses now face, organizations have to step up their prevention plans.

There are a few obvious steps you must add to your rule book to strengthen your cybersecurity and network traffic:

Secure WiFi and VPN

Always avoid using public WiFi for information-sensitive websites and systems. Instead, use a secure VPN connection on all your devices to encrypt information and protect the network. For WiFi connections, experts recommend a strong encryption mechanism such as WPA2 (AES), as old protocols like WEP leave your router vulnerable to security threats.

Browsers show a padlock icon in the URL field as an indicator of a secure site. In simpler terms, HTTP transmits your data in plain text, whereas HTTPS is the secure connection you should be using.

Strengthen Training 

Organizations are investing in training their teams in cybersecurity best practices. Implementing policies like Zero Trust and running workshops on security hygiene help the team stay afloat. But above all, businesses should always assume that a breach can happen at any time, and staff must be trained to respond instantly if and when an attack happens. Educating yourself on the latest safety guidelines and staying on top of them is the best tool. As an enterprise or an individual, we should take responsibility for staying ahead of the offenders.

Our Cybersecurity Specialist at National Security Services Group, Mohammed Aadhil Ashfaq, believes ‘you can implement cybersecurity controls and compliances but if your employees are not aware of cybersecurity awareness, they will be the victim of cyberattacks, especially social engineering. More than 80% of attacks are via social engineering.’

Invest in Tools 

Invest in multi-factor authentication to minimize the risk of MiTM attacks, as it makes it difficult for hackers to breach multiple layers of security. Businesses can additionally implement PGP/GPG encryption. However, always test and re-test the capabilities of these tools, consistently monitor the mechanisms, and ensure they are able to contain and report threats. ‘Hackers are smart, they can easily bypass the AV and in most organizations, firewalls are not configured securely.’

The infamous Colonial Pipeline hack took only a compromised username and password, not protected by multi-factor authentication, to disrupt gas supplies. Since then, industries have been grappling with the growing threat of cyberattacks.

MiTM attacks have become a useful tool in attackers’ arsenals. Minimal investment and effort let them reach more targets quickly and easily, and with more devices connected to more networks, the opportunities to use MiTM techniques also increase. Midsize businesses are often on the receiving end of such attacks because they are considered the soft underbelly. What makes them an appealing target is the misconception that midsize businesses do too little to strengthen their cybersecurity.

The well-known consequences of cyberattacks, from data breaches and unwarranted information access to financial losses, can shake the foundations of any business. And as Aadhil stresses, ‘there is no quick fix in cybersecurity, if someone says quick fix then it’s a complete compromise of security. The main strategy of cybersecurity is compliance and policies.’

Thus, be aware of the red flags of a MiTM attack and have detection methods and response plans in place for your organization.
