A Man-in-the-Middle (MitM) attack is when an attacker intercepts communication between two parties either to secretly eavesdrop or modify traffic traveling between them. Attackers might use MitM attacks to steal login credentials or personal information, spy on the victim, or sabotage communications and corrupt data.
MitM attacks are one of the oldest forms of cyber-attack, and computer scientists have been looking at ways to prevent bad actors from tampering with or eavesdropping on communications since the early 1980s.
How MitM attacks work
An MitM attack requires someone to be positioned in the communication path between two parties in order to observe or manipulate their traffic. This is achieved either by interfering with legitimate networks or by creating a fake network that the attacker controls.
MitM attacks are implemented through interception and decryption. The attacker first intercepts the user's traffic before it reaches its destination. The most common way to execute this step is to make malicious Wi-Fi hotspots available to the public for free. Once the victim connects to such a fraudulent hotspot, the attacker can see every online data exchange that passes through it. After interception, the attacker attempts to decrypt the two-way TLS traffic without alerting the user or application; this only succeeds when the client does not properly validate the server's certificate.
Types of MitM attacks
MitM attacks encompass a broad range of techniques and potential outcomes, depending on the target and the goal. The table below provides a short description of various MitM hack methods.
Why are MitM hacks so dangerous?
With increased business mobility and use of open Wi-Fi, the consequences of an MitM attack can be quite serious. For example, in the banking sector an attacker could see that a user is making a transfer and change the destination account number or the amount being sent. In addition, threat actors could use Man-in-the-Middle attacks to harvest personal information or login credentials. Further, attackers could force compromised updates that install malware. Given that they often fail to encrypt traffic, mobile devices are particularly susceptible to this scenario.
The proliferation of IoT devices poses yet another challenge in defending against MitM attacks. The weak security of many devices means the growth in IoT could bring an increase in MitM attacks that either send false information back to the organization or send erroneous command-and-control instructions to the devices themselves.
IoT devices tend to be more vulnerable to attack because, by design, they either do not implement TLS at all or rely on older versions of it that are less robust than the latest version.
Man-in-the-middle attack prevention
Although MitM attacks are not as common as ransomware or phishing attacks, they do present a credible threat for all organizations. The sophistication required to launch such an attack deters cyber attackers from using this vector when they have the alternative of carrying out the same objectives in simpler ways, such as installing malware or exploiting compromised credentials.
The use of encryption protocols such as TLS is the best way to help protect against MitM attacks. The latest version, TLS 1.3, has been the official standard since August 2018. Greater adoption of HTTPS and more security warnings from browsers have reduced the potential threat of some MitM attacks. In 2017 the Electronic Frontier Foundation (EFF) reported that over half of all internet traffic was encrypted, and Google indicates that over 90 percent of traffic in some countries is now encrypted. Major browsers such as Chrome and Firefox also warn users if they are at risk from MitM attacks.
Below is a list of best practices to help businesses and individuals prevent MitM attacks:
- Use multi-factor authentication wherever possible. Although not a panacea, adding an extra layer of difficulty will deter criminals from targeting your assets.
- Maximize network control and visibility, and implement network segmentation based on the least-privilege principle.
- Manage and protect your TLS certificates and keys effectively to avoid exploitation of compromised or expired certificates.
- Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
- If possible, never connect to public Wi-Fi routers directly. A VPN encrypts your internet connection on public hotspots, protecting the private data you send and receive, including passwords and credit card information.
- Be sure that your home Wi-Fi network is secure. Update all default usernames and passwords on your home router and all connected devices to strong, unique passwords.
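TLS only defeats interception when the client actually validates the server's certificate and hostname and refuses legacy protocol versions. The following is an added example (not code from the original post or from Venafi) that builds a hardened Python client context beside the common "verify disabled" pattern, and audits any context for the settings a MitM relies on; the `cafile` parameter and the audit wording are this example's own choices.

```python
import ssl


def hardened_client_context(cafile=None):
    """Return a client SSLContext that refuses the settings a MitM relies on.

    Starts from Python's default (already strict) client context, makes the
    protections explicit, and raises the protocol floor to TLS 1.2 so the
    connection cannot be downgraded to TLS 1.0/1.1.
    cafile: optional path to a CA bundle to trust instead of the system store
    (assumption for this example; None means the platform's default store).
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True                     # leaf cert must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverifiable chain -> handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # reject legacy TLS versions
    return ctx


def insecure_client_context():
    """The opposite: the 'verify=False' shortcut that accepts an interceptor's cert.

    Constructed here only so the audit below has something to flag.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False     # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # whatever OpenSSL allows
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context resists interception."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate verification disabled: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname check disabled: a valid cert for another name passes")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2: downgrade to legacy TLS possible")
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, audit_context(ctx) or ["ok"])
```

Run the audit against the context your application actually hands to `ssl.SSLSocket` or `urllib`/`http.client`; a non-empty list means a hotspot operator presenting their own certificate would not be detected.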
Why focus on threat intelligence?
In our rapidly evolving connected world, it is important to understand the types of threats that could compromise the confidentiality and integrity of personal and business sensitive information. Stay informed and make sure your devices are fortified with proper security. Learn more about machine identity management by contacting the Venafi experts.
(This post has been updated. It was originally published on October 12, 2020.)