Let’s go back to the 20th century. You’re trying to have a private conversation with your high school crush on the phone when your younger sibling picks up the phone to eavesdrop. You didn’t know they were listening, and they make fun of you after they hang up. Eavesdropping is very common in the hacker world. One of the oldest forms of eavesdropping is the man-in-the-middle (MitM) attack.
A man-in-the-middle attack is when a hacker intercepts the communication between two parties to eavesdrop on or alter the network traffic between them. With MitM attacks, hackers will attempt to steal login or personal information, spy on someone, disrupt communications, or corrupt files.
In this blog, we will dive into how MitM attacks work, some common types of these attacks, and how to limit these attacks from happening to you or your business.
How Do MitM Attacks Work?
A man-in-the-middle attack usually requires three players: the victim, the target or device the victim is trying to communicate with, and the hacker, or the “man in the middle”. With MitM attacks, the victim is not aware the hacker is there.
An employee on your team receives an email that looks like it came from your company's bank. The email asks the employee to log in to confirm contact information. The staff member clicks on the link and enters their login information, thinking it is the bank's website.
In this example, the "man in the middle" sent the employee the email, making them believe it was real. Here the victim is communicating with the target (their email client), and the MitM inserts himself into that connection through a phishing attempt.
The hacker also created a website that looks exactly like your company’s bank page, so the staff member would not question it. The MitM attack is complete because now the hacker has access to the employee’s login credentials.
Common MitM Attacks
Hackers can gain control of devices or networks using MitM attacks in many ways. In this blog, we will focus on three common attacks: IP spoofing, Wi-Fi eavesdropping, and browser cookie hijacking.
Any device that can connect to the internet has an internet protocol (IP) address. By spoofing an IP address, hackers can trick you or your staff into thinking you are communicating with a website or another employee, like in our banking example from earlier.
These days, remote work is more common than ever. It is very likely you or your team might need to access work files in a public place like a Starbucks or a hotel. These businesses usually have Wi-Fi connections with public access, and they usually do not require secure passwords or logins.
Hackers love situations like this. Through Wi-Fi eavesdropping, a hacker will attempt a MitM attack by setting up Wi-Fi connections with legitimate-looking names, most likely resembling the name of the nearby business.
The idea is to simply trick the user into thinking the Wi-Fi connection is legit. Once an employee connects to the hacker’s Wi-Fi connection, the attacker will be able to monitor the employee’s online activity, login credentials, credit card information, and anything the staff member may use while online.
Since the Internet is a necessity in most jobs these days, it is expected that you and your team will have a large number of browser cookies stored up from surfing the web. A browser cookie is a small piece of information a website stores on your computer.
Your team may need to purchase items through an Amazon Business account. Amazon will store the personal information your employees enter for next time, so they don’t have to enter it again.
Since cookies store so much personal information, hackers can take advantage of this. Cybercriminals can use many tools to hijack browser cookies from your staff to gain access to passwords, addresses, or any other sensitive information.
How to Prevent MitM Attacks
With the many tools that cybercriminals have at their disposal to carry out a MitM attack, you should make sure that your team practices safe web browsing. You and your team should be wary of any emails asking for login credentials or personal information. These may be phishing attempts. Instead of clicking the link directly in the email, type the URL into a browser yourself.
When accessing any website, you should make sure that the website has a secure protocol. Make sure that the website includes “HTTPS” – the S is important – in the URL bar. Websites that include “HTTP” may not be secure and could be a potential risk. Most web browsers will put up a warning telling you the site is "not secure" if it uses HTTP.
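The two checks just described, whether a link uses HTTPS and whether it really points at the site it claims to, can be automated before anyone on the team clicks. The following is an added example, not code from the original post; the trusted hostnames and the sample phishing email are constructed placeholders.

```python
# Added example (not from the original post): audit the links in an email
# for the two warning signs the text describes, a non-HTTPS link and a link
# whose real destination is not the site it appears to be.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed placeholder: the hostnames your team legitimately logs in to.
TRUSTED_HOSTS = {"bank.example.com", "login.bank.example.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in the HTML."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host_of(value):
    """Hostname of a URL or of bare text such as 'bank.example.com/login'."""
    if "://" not in value:
        value = "https://" + value
    return (urlparse(value).hostname or "").lower()


def audit_links(html, trusted_hosts=TRUSTED_HOSTS):
    """Return [(href, [reasons])] for every link that fails a check."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parsed, reasons = urlparse(href), []
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https":
            reasons.append("not HTTPS")
        if host not in trusted_hosts:
            reasons.append(f"host {host!r} is not a trusted site")
        # Visible text that looks like a URL but names a different host
        if "." in text and " " not in text and _host_of(text) != host:
            reasons.append(f"visible text {text!r} does not match link host")
        if reasons:
            findings.append((href, reasons))
    return findings


# Constructed sample: a phishing message imitating the bank, plus a legitimate link.
SAMPLE_EMAIL = """<p>Please log in at <a href="http://bank-example-verify.net/login">
bank.example.com</a> to confirm your contact details.</p>
<p>Or visit <a href="https://bank.example.com/">bank.example.com</a> directly.</p>"""
```

Running `audit_links(SAMPLE_EMAIL)` flags only the first link, for all three reasons, and passes the genuine HTTPS link to the trusted host.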
If you or your team must access a public network, try not to log into them directly, if possible. Your IT team should provide a virtual private network (VPN) to your staff to help protect private data. A VPN encrypts your internet connection on public Wi-Fi.
MitM attacks are becoming easier to defend against. With most sites running on HTTPS, and logins protected by multi-factor authentication, it is becoming more difficult for a hacker to access sensitive information. You and your staff must become skilled at recognizing the common ways criminals try to access data. Your IT team should have network security measures in place to make accessing data away from the office easier.
As more and more devices become "smart," many of them do not meet the same security standards as other devices, making them more vulnerable. Attackers use these devices as a way into an organization's network so they can pivot to further attacks. The smart fridge with Wi-Fi in the break room might be a security threat!