A man-in-the-middle attack (MITM) is a form of cyberattack where an attacker intercepts communications between two unsuspecting parties who believe they are communicating together. This is also called a hijack attack.
Before a MITM attack can be successful, the attacker must study the two parties properly and respond satisfactorily to them. Sometimes you won’t be in communication with the other party. In such instances, they can simply assume the identity of the other party who must have been communicating with you before now and then carry out their notorious attacks on you.
An example of Man-in-the-middle Attack is when you open your email, and you notice a supposed mail from your bank telling you about a possible breach, and your details are required to enable them to upgrade their security to keep you safe if you’re unsuspecting enough you might click the link on the mail to a website that looks exactly like that of your bank, and you type in your login details, and they thank you for your cooperation while you’ve successfully handed over your details to them.
In the above example, your bank wasn’t communicating with you at the point, but they’ve had some conversations with you before now. The attacker studies your bank properly-getting everything he/she needs to carry out a successful attack on you. A website is modeled after your bank’s website, the attacker then sets up an interception procedure usually phishing to grab your details and defraud you.
There are two forms of Man-in-the-middle Attack.
- Being physically around to carry out the attack, and
- Doing so through malicious software or malware. This is the same as our example. It is also known man-in–browser attack.
The Man-in-the-middle attack can be carried out in two phases by cybercriminals, namely: interception and decryption. This attack begins by looking for any vulnerable network like public Wi-Fi or router some sometimes unsecured family Wi-Fi and scanning for weak passwords.
Once successful, the attacker sends in tools that can intercept and read the victim’s data. The attacker can also send in more tools that can intercept connections between the victim’s computer and the website visits to snatch any details like personal information, banking information, etc. Then comes the second part into play, decryption.
Stopping at just interception means that either the attacker repented halfway trying to steal from you or just a newbie in the game. Decryption is where the attacker decrypts the encrypted data of the victim.
Man-In-The-Browser Attack, just like our earlier example, requires the attacker to use malicious software, or malware to get into the victim’s PC or mobile device. One of the ways is through an act called phishing.
Phishing is a process through which an attacker gets access to a victim’s computer or mobile device by sending a text message or email that seems to come from a trusted, known source with a link attached. Clicking on the link or opening the mail’s attachment downloads malware onto the device without your knowledge, and the malware goes on to attach itself to the victim’s browser. The malware starts intercepting data sent between the victim and the websites visited and sending the required details to the attacker.
Types of Man-in-the-middle Attack
There Are 7 Types Of Man-In-The-Middle Attacks
- IP Spoofing – The IP (Internet Protocol) address is likened to your home address. In a layman’s term, every device has an address as long as it can connect to the internet. An attacker makes you believe that you’re connecting to a website while your IP has been spoofed, revealing your personal information to the attacker.
- DNS Spoofing – DNS (Domain Name Server) spoofing forcefully redirects you to another website similar to the one you already know but a fake one. It is used for traffic diversion or to capture login details.
- HTTPS Spoofing – HTTPS (HyperText Transfer Protocol) the S means secure. An attacker tends to send you over to trick your browser by using ordinary HTTP to look at your activities on the website you visit and then steal information from you.
- SSL Hijacking – When a server redirects your device from the unsecured HTTP to a secured one. Connecting to a secured server means that all standard security protocols are in place, and encrypted data transmission can be carried out between the device’s browser and the web server using Secure Socket Layer (SSL). The attacker now uses a different computer and a secure personal server to intercept data transmission.
- Email Hijacking – This technique is used to target email of financial institutions, the attacker(s) can then study the behavioral email patterns of these institutions and replicate them. They spoof the email address and send their messages to the unsuspecting customers, and some of them end up giving away their details, thinking it came from their bank.
- Wi-Fi Eavesdropping – Real looking Wi-Fi connection is set up near legitimate businesses. Anybody who connects to the fake Wi-Fi will be monitored by the attacker for bank details, login details, card payment, etc. This is one of the dangers of public Wi-Fi.
- Stealing Browser Cookies – A cookie is a piece of information stored on your browser when you visit sites like Facebook, Amazon, etc. that prevents you from always retyping your details every time you try to access the site. Since cookies contain your information, once hijacked by a cybercriminal, it becomes easier to attack you.
How To Defend Yourself Against Man-in-the-middle Attacks
- Ensure that your browser displays HTTPS and not HTTP.
- Be wary of email or text messages telling you to update your login details, simply type in the required website onto your browser instead of clicking the attached link.
- If you must use a public Wi-Fi or router, use a VPN (Virtual Private Network) to keep you safe.
- Use a trustworthy malware fighter like Norton security or others to keep you safe. Always update them.
- Review the passwords on your home networks, use passwords with a combination of capital&small letters, numbers, and symbols, e.g., ABcde126@#.
As technology increases, so do vulnerabilities, we all need to keep abreast of the latest forms of keeping safe online since virtually everything is being taken over to the internet.