A MAN IN THE MIDDLE ATTACK (MITM) is an attack in which an unauthorized third party positions itself between two or more communicating nodes and monitors, intercepts and (in most cases) modifies the traffic passing between them. The attack, which is sometimes referred to as a Janus, hijacking or fire brigade attack, is invisible to the participants: each side believes it is talking directly to the other. That invisibility, together with the fact that the technique works against almost any protocol and combines easily with other attacks, makes it an extremely dangerous threat in the digital sphere.
How it Works
The first stage in carrying out a man in the middle attack is reconnaissance: collecting as much information on the intended target as possible, including email addresses, usernames and anything else that might prove useful later. Phishing is the usual vehicle for this step, and it tends to yield a mix of useful and useless information.
A more common method, however, is to deliver malware to the target. Once it runs, the attacker has the rights of the logged-in user and, with them, a foothold inside the victim's web browser. From there a wealth of data is forfeited: everything the user types, submits or receives during normal use can be read, and changed, before it ever leaves the machine. Malware that takes up residence in the browser in this way is what gives the man in the browser (MITB) attack its name.
The same foothold opens other possibilities, such as redirecting the targeted device to a counterfeit website that looks identical to the original. If the counterfeit site quietly relays traffic to the genuine one, the attacker sees every transaction and piece of information exchanged and can alter it in either direction before it reaches its destination. It probably goes without saying that the usual targets are banks, e-commerce sites and other financial institutions.
An Example of a Man in the Middle Attack
Consider an everyday user who receives an email from an address that appears to belong to their bank. The email urges them to log into their account to view a balance or statement, or to take some other action. The link or button looks the way it always does, and the user genuinely believes it will take them to their bank's website.
Clicking or tapping it, however, leads to a counterfeit page styled exactly like the bank's site. Still unaware of the ploy, the user enters their details and hands their credentials to the attacker. On its own this is phishing; it becomes a man in the middle attack when the counterfeit page relays what the user enters to the real bank, so that the login appears to succeed and the attacker sits inside a live session. The related man in the browser (MITB) attack, in which malware running inside the browser reads and alters pages and transactions, reaches the same position without needing a counterfeit site at all.
It should be noted that a traditional man in the middle attack does not compromise either endpoint. The attacker instead sits on the network path, typically by joining or setting up an unsecured Wi-Fi network or otherwise inserting themselves into the local network, and intercepts the traffic that passes through. Unencrypted data can be read and modified at will. Encrypted (HTTPS) traffic can only be read or modified if the attacker also terminates the encryption, which in practice means persuading the victim's browser to accept a certificate the attacker controls, or downgrading the connection to plain HTTP.
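The following is an added simulation, not code from the original article, of the network-level interception just described: a client sends a transfer request, an attacker on the path rewrites it, and the server either executes the tampered request or detects the change. A keyed MAC (HMAC-SHA256) stands in for the integrity protection that TLS gives HTTPS traffic; real TLS also encrypts, so the attacker could not even read the amount. The session key, account names and message format are constructed for the demonstration. The `stolen_key` path models the case where the victim has accepted the attacker's certificate, so the attacker took part in the key exchange and can re-authenticate whatever it forges.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed session key shared by client and server. In TLS the equivalent
# key is derived during the handshake, and certificate verification is what
# keeps a man in the middle out of that handshake.
SESSION_KEY = b"constructed-demo-session-key"


def client_request(amount: int, payee: str, key: Optional[bytes]) -> bytes:
    """Build a transfer request. With a key, append a MAC over the body so the
    server can tell whether the bytes changed in transit."""
    body = json.dumps({"action": "transfer", "amount": amount, "to": payee},
                      sort_keys=True).encode()
    if key is None:
        return body                       # plain HTTP: no integrity protection
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def attacker_relay(wire: bytes, stolen_key: Optional[bytes] = None) -> bytes:
    """The man in the middle: parse the request, redirect the money, forward it.
    stolen_key models a victim who accepted the attacker's certificate, so the
    attacker negotiated the session key and holds a copy of it."""
    parts = wire.split(b"\n", 1)
    req = json.loads(parts[0])
    req["to"] = "attacker-account"        # hypothetical payee under attacker control
    req["amount"] = req["amount"] * 10
    new_body = json.dumps(req, sort_keys=True).encode()
    if stolen_key is not None:
        tag = hmac.new(stolen_key, new_body, hashlib.sha256).hexdigest().encode()
        return new_body + b"\n" + tag     # re-authenticated: looks genuine
    if len(parts) == 2:
        return new_body + b"\n" + parts[1]  # old tag no longer matches the body
    return new_body


def server_process(wire: bytes, key: Optional[bytes]) -> dict:
    """Verify the MAC when one is expected, then return what the server would
    execute (or why it refused)."""
    parts = wire.split(b"\n", 1)
    body = parts[0]
    if key is not None:
        if len(parts) != 2:
            return {"status": "rejected", "reason": "missing tag"}
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison so the check itself does not leak the tag.
        if not hmac.compare_digest(expected, parts[1]):
            return {"status": "rejected", "reason": "bad tag"}
    req = json.loads(body)
    return {"status": "executed", "amount": req["amount"], "to": req["to"]}


def run_exchange(key: Optional[bytes], attacker: bool,
                 attacker_holds_key: bool = False) -> dict:
    """One client->server exchange, optionally passing through the attacker."""
    wire = client_request(100, "landlord", key)
    if attacker:
        wire = attacker_relay(wire, key if attacker_holds_key else None)
    return server_process(wire, key)


if __name__ == "__main__":
    print("plain, no attacker       :", run_exchange(None, False))
    print("plain, attacker          :", run_exchange(None, True))
    print("keyed, attacker          :", run_exchange(SESSION_KEY, True))
    print("keyed, bad cert accepted :", run_exchange(SESSION_KEY, True, True))
```

The first two runs show why unencrypted traffic on a shared network is fully at the attacker's mercy; the third shows the tampering being caught; the fourth is the point of the HTTPS advice below: once the user clicks through a certificate warning, the attacker holds a valid key and the protection is gone.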
Mitigation of Man in the Middle Attacks
The problem with MITM attacks is that once one is in place it is extremely difficult to detect. As with almost all malicious exploits, prevention is the best defence. The following measures help prevent MITM attacks:
Secure your home network: change the router's default administrative and Wi-Fi passwords, rotate them periodically, and keep the router's firmware up to date.
Avoid downloading or installing pirated content, a common carrier for the malware described above.
Ensure the websites you visit are served over HTTPS, and think twice before adding an exception for a certificate warning: a warning on a site that normally loads cleanly is exactly what a man in the middle looks like.
Install and use a reputable antivirus (AV) product to stop malicious programs from targeting your browser and operating system.
Always double-check the sender's email address and the link's real destination. Inspect the address in the sender field (not just the display name), and hover over the call-to-action (CTA) button or link to see where it actually points. Often the URL or email address contains a few extra or substituted characters, the bank's name as a subdomain of some other domain, or an unusual top-level domain (TLD).
When in doubt, do not click buttons or links or open attachments in the emails you receive; type the bank's address into the browser yourself instead.
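The sender and link checks above can be automated for a mail filter or a browser extension. The following is an added example, not code from the original article, that parses a From header and a CTA link and reports the specific tell-tales described above: a non-HTTPS scheme, the bank's name nested inside another domain, a different TLD, a few substituted or extra characters, and punycode labels. The bank domain `examplebank.com`, the sample headers and links, and the short suffix list are constructed for the demonstration; a real tool would load the full Public Suffix List.

```python
from email.utils import parseaddr
from typing import List
from urllib.parse import urlsplit

# Constructed values: the domain the user expects, and a minimal set of
# two-label public suffixes (a real tool would use the Public Suffix List).
EXPECTED_DOMAIN = "examplebank.com"
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.nz", "co.jp"}


def registrable_domain(host: str) -> str:
    """'login.examplebank.com' -> 'examplebank.com'; 'x.bank.co.uk' -> 'bank.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(href: str, expected: str = EXPECTED_DOMAIN) -> List[str]:
    """Return reasons the link's real destination looks wrong; [] means it
    points at the expected site over HTTPS."""
    problems: List[str] = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        problems.append(f"scheme: '{parts.scheme or '(none)'}' instead of https")
    if not host:
        problems.append("host: no host name in link")
        return problems
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append(f"idn: '{host}' contains punycode, check for look-alike letters")
    reg = registrable_domain(host)
    if reg == expected:
        return problems
    base, exp_base = reg.split(".")[0], expected.split(".")[0]
    if expected in host:
        # e.g. examplebank.com.secure-login.example: the real owner is the tail
        problems.append(f"nested: '{expected}' appears in '{host}' but the registered domain is '{reg}'")
    elif base == exp_base:
        problems.append(f"tld: '{reg}' uses a different top-level domain than '{expected}'")
    elif exp_base in base:
        problems.append(f"padded: '{reg}' adds characters around '{exp_base}'")
    elif edit_distance(reg, expected) <= 2:
        problems.append(f"lookalike: '{reg}' is within two edits of '{expected}'")
    else:
        problems.append(f"different: link goes to '{reg}', not '{expected}'")
    return problems


def check_sender(from_header: str, expected: str = EXPECTED_DOMAIN) -> List[str]:
    """Compare the address in the From header (not the display name) with the
    expected domain."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["sender: could not parse an address from the From header"]
    domain = addr.rsplit("@", 1)[1].lower()
    if registrable_domain(domain) != expected:
        return [f"sender: mail comes from '{domain}', not '{expected}'"]
    return []


if __name__ == "__main__":
    # Constructed sample message: friendly display name, hostile address and link.
    print(check_sender("Example Bank <alerts@examplebank-notices.com>"))
    print(check_link("https://examplebank.com.secure-login.example/statement"))
    print(check_link("https://login.examplebank.com/statement"))
```

Note that the display name is deliberately ignored: it is free text and is the part a phisher controls most easily. Checks like these are a filter, not proof; a link that passes can still be malicious, which is why the advice to type the address yourself stands.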
In an ideal world, two or more standalone nodes could transmit data without fear of interference. Life isn't perfect, and the flexibility of the man in the middle attack makes it a favoured strategy among attackers, who often use it in conjunction with other attacks. A number of banking apps were found to be vulnerable to MITM attacks in 2017. By following the practices above, you can greatly reduce the likelihood of falling victim to such threats and browse safely.