April 3, 2019 at 16:07 #2566
A man in the middle (MITM) is a type of cyber attack where a malicious person infiltrates a conversation between two parties and impersonates the two parties so that he gains access to information the two entities would relay to each other. The attackers can send and receive information meant for a different party or not intended to be sent at all. Man in the middle attack can go undetected for long.
How does man-in-the-middle attack work?
Man in the middle is among one of the oldest forms of cyber attack. In MITM, an attacker sits between a victim and a legitimate host that is trying to send information to the victim. The hacker in the MITM attack usually observes or manipulates the data between the client and host. The attack could be established by creating fake networks that lure victims into connecting or compromising a legitimate network. The attacker then strips off any available encryption from the compromised network to steal or redirect the traffic to the attacker’s destination choice. Since hackers can be silently re-encrypting or observing the compromised network, MITM attack can be difficult to detect.
MITM consist of many techniques that malicious people leverage depending on the target and the goal of the attack. For Example, in SSL stripping, the attackers start an HTTPS connection between them and the server. They, however, establish an unsecured connection between them and the user. This means information is sent to them in plain text without encryption.
Attackers like to establish a rogue access point, especially in public areas. This connection resembles the legitimate network and people can easily create a connection through it. In a banking setup, an attacker can see when a victim is initiating funds transfer and alter the destination account number or the amount being transferred.
Although MITM attacks often require proximity to the target, it is also possible to interfere with the routing protocols. The attackers advertise themselves on the internet and allude to be in charge of the IP addresses. The internet routes the IP addresses to the attacker giving them the privilege to observe or control your online activities.
What is a man-in-the-browser attack?
A man in the browser (MITB) attack is a form of MITM attack where a malicious person injects himself in the communication between two trusting parties by compromising a browser used by one of the parties. The attacker intercepts the communication to eavesdrop, steal or tamper with information. MITB attack is majorly carried out to manipulate online baking information.
To compromise the browser, attackers take advantage of its vulnerabilities. When the hacker gains access, they inject malware to the victim’s browser. The injection process can be done through phishing. Phishing happens when a fraudster sends an email to the target victim appearing to be a legitimate email from the source. If the user clicks the email or opens an attachment in the email, the malware is automatically loaded to the browser without the user’s knowledge.
According to how the attacker has designed the malware, it can spy information exchange between the user and the host.
Types of man-in-the-middle-attack
A Domain Name Server (DNS) spoofing is a technique that forcefully directs a user to a fake website rather than the intended one. A victim of DNS spoofing can think they are in a safe browsing activity while they are unknowingly interacting with a fraudster. The goal of the attacker is to deviate the victim to a rogue site so they can get vital information like login data or financial details.
Every device that connects to the internet has an Internet Protocol (IP) address. It works like the street address of your home. IP spoofing is a cyber attack technique used by attackers to gain unauthorized access to other machines by illicitly impersonating another machine through manipulating IP packets. The attacker can trick a victim into thinking they are interacting with someone they are not. The victim ends up sharing information they would otherwise not have given out.
When your gadget connects to an unsecured server, identified by HTTP, the server can redirect you to a more safe version of the server, specified by HTTPS. A secure connection means all the standard security protocols are adhered to, protecting the information shared with that server.
Secure Sockets Layer (SSL) is a protocol that establishes an encrypted link between the browser and the server. In an SSL attack, the fraudster uses a different computer and a secure server to infiltrate all the information passing through the server and the user’s computer.
Anytime you are browsing, and the URL starts with HTTPS, it is an indication that you are on a secure website. A fraudster can trick your browser into believing it is visiting a safe site when it is not. The attacker then redirects the browser to an unsecured website to monitor your behavior. He can then steal sensitive information which the user shares in the rogue site.
Stealing browser cookies
A stolen cookie can pose a great security risk to a user. A cookie is a piece of information stored by a website on your computer. An online retailer can store the personal information that you supplied together with shopping cart items which you selected, so there is no need to re-enter the info while you resume your shopping.
Since the cookies carry information like your browsing history, cybercriminals can hijack them to get hold of your passwords, payment details, and other delicate details.
Fraudsters can establish Wi-Fi connections with genuine-sounding names similar to neighboring businesses. Once a victim connects to the attacker’s network, the attacker can monitor their online behavior and be able to obtain payment details, login credentials, and other vital information.
Most of the times, cybercriminals target bank and other financial institutions’ email accounts. Upon gaining access, they track the financial transactions between the institution and the customer. The fraudsters then spoof the bank email address and send their instructions to the customer. The customer is lured into thinking the email originates from the bank. If the customer is convinced, they may end up sending money to the attacker.
How to protect yourself from a man-in-the-middle attack
There are many available tools that attackers can leverage to execute man-in-the-middle attacks. The user, therefore, needs to take the necessary security mechanisms to protect themselves from such attacks.
Always ensure you are browsing from a secure website. As highlighted before, secure websites have an HTTPS connection protocol.
Be alert about unfamiliar emails with unexpected attachments. Today, the email is one of the key ways that attackers are using to lure victims to their trap. Before opening any email, ensure you know the sender.
If possible, never establish a connection to public routers. It is advisable to connect via Virtual Private Network whenever you are using a public connection. A VPN encrypts your information when you are using public connections to preserve data privacy. It guarantees no spoofing of sensitive information like credit card details or login credentials.
A strong anti-malware is necessary to protect yourself from MITM attacks. Malicious people use malware to launch MITM attacks. You should, therefore, have a reliable anti-malware to counter any threat posed by the attackers. Also, ensure it is always updated since the attackers are constantly looking for loopholes in the anti-malware to launch the attacks.
Ensure your home network is secured. To minimize the chances of MITM attacks, update all default passwords and use strong passwords to prevent an attacker from taking over your home Wi-Fi router.
Using a firewall can significantly reduce the chances of a MITM attack. A firewall filters the information coming from the internet connection to establish any unfamiliar trends. When you are using public Wi-Fi, it is vital to have a firewall in your device.
April 4, 2019 at 08:12 #2571
- This topic was modified 7 months, 2 weeks ago by Samuel Gichichi.
This is an interesting read Samuel.
Man in the middle attacks are just as interesting as they are scary. It reminds us that we live in a world where we have very little control over our own communications. MitM attackers can cause significant damage if they want to. The kind of information they get access to while listening in on other people’s communications makes them very powerful and dangerous.
And although MitM attacks can be protected against with encryption, successful attackers will either reroute traffic to phishing sites designed to look legitimate or simply pass on traffic to its intended destination once harvested or recorded, meaning detection of such attacks is incredibly difficult.
Keep up the good workAugust 27, 2019 at 16:00 #5365
It’s been featured on our medium: https://medium.com/@cybersecurecentral/what-is-a-man-in-the-middle-attack-and-how-to-stay-safe-from-our-forums-3bba5301f526
You must be logged in to reply to this topic.