The Hidden Threat: What is Man-in-the-Middle?
How many cyberattacks has your Security Awareness Training taught you to identify? It’s not always about recognizing suspicious activity on the network or learning how to flag phishing messages. Some cyber-threats lay in wait for you to wander into their trap, and before you realize it, you’ve personally spilled your private information to a bad actor.
A very common way that this plays out in the real world is through man-in-the-middle attacks.
What are MitM Attacks?
By infiltrating a trusted, legitimate website, cybercriminals are able to “eavesdrop” on your activity there. That way, you enter your own log-in credentials like you’ve done so many times before – not knowing that this time, someone else is looking in on everything you type. These are called man-in-the-middle attacks because they are positioning themselves between you and the server or site you’re trying to access.
There are 7 types of MitM attacks.
- DNS Spoofing. Domain Name System is what translates unique IP addresses from number sequences to memorizable names, i.e. Google instead of 0123456789. By spoofing their DNS, they can redirect traffic to their fake website set up to steal your data.
- HTTPS Spoofing. Before a website’s URL, you’ll notice the letters HTTP or HTTPS. The S means that the site is Secure; but with this kind of man-in-the-middle attack, hackers convince your browser that an unsafe site is HTTPS-certified when it isn’t.
- IP Spoofing. When you connect to the Internet, you’re assigned an internet protocol (IP) address that connects your device to its geolocation. By spoofing their IP, cybercriminals pretend to be a reliable website so that you’re more likely to divulge private information to them.
- Email Hijacking. Instead of targeting you, the hacker first goes after the emails of a legitimate business, like your bank. Then they can read and copy the language of their usual customer messages, so their spoofed domain name can more effectively trick you into sending money or information.
- SSL Hijacking. Secure Sockets Layers encrypts your connection to a secure HTTPS webpage. When cybercriminals spy on your interactions with the server, they hijack the SSL – hence the name.
- WiFi Eavesdropping. People connect to random WiFi networks all the time when they need to look something up on the go. When users connect to fake WiFis set up by cybercriminals, they can monitor ALL of your online activity until you disconnect.
- Browser Cookie Theft. By accessing the data in your stored Cookies, hackers can discover any passwords and other private information you might have saved to autofill!
Where Am I Most Likely to Find MitM Threats?
Financial sites are most likely to become compromised by a man-in-the-middle attack, because those credentials are the most direct way into your bank accounts. From there, cybercriminals can transfer funds freely to their own offshore accounts or even use that information to affect your credit and steal your identity.
However, that does not mean that your favorite banking app is the only possible place for an invisible trap to lay in wait. Any site that requires you to log in may be a target for MitM threat actors who want your account information.
How to Avoid MitM Attacks
Multifactor authentication is the best defense for your accounts. Even if a hacker acquires your username and password, they would also have to have a secondary form of identification to get into your profile. Meanwhile, you receive an alert about unauthorized attempts to log in and can take action to change your credentials ASAP.
Encrypted communication and virtual private networks (VPNs) are also used to hide online activity from trackers and spies. In the meantime, be careful what public networks you use and where you go online so you don’t accidentally hand over your log in credentials to an invisible observer.
Conclusion
Man-in-the-middle attacks pose a unique danger compared to most cyber-threats you may be have been warned about. The hacker lays a trap and waits for people to walk into it, like a spider and its web, instead of reaching out to you first. That ensures added trust which makes you more likely to hand over delicate data without blinking an eye.
Nonetheless, you can squash the proverbial bug by practicing cyber-safety every day! Familiarize yourself with what legitimate sites look like, employ additional defenses on each of your Internet-connected devices, and follow our blog so no hacker stands a chance of breaching your accounts.
References