What is Man in the Middle Attack?
A man-in-the-middle attack is a form of eavesdropping attack in which a cyber criminal intercepts an existing conversation or data transfer between two parties. The attack involves three players: the victim, the party the victim is trying to communicate with, and the attacker.
The attack is highly effective and has a high success rate because the victim believes they are receiving legitimate information and is unaware of the man in the middle.
Usually, the purpose of the attack is to steal personal information such as login credentials and bank details, and the targets are mostly e-commerce sites or other sites that require a login.
Cyber criminals can then use the stolen data for various purposes, such as identity theft.
Types of Man in the Middle Attacks
In DNS spoofing, cyber criminals tamper with a website's address record in a DNS server. A victim trying to reach the site is therefore sent to a fake website that the attackers created to steal the user's information.
This technique is similar to DNS spoofing; however, in IP spoofing cyber criminals spoof an IP address. This lets them trick users into thinking they are interacting with a legitimate website, so victims end up providing personal information that they otherwise would not have shared.
ARP spoofing is also known as Address Resolution Protocol spoofing or ARP poisoning. In this man-in-the-middle attack, cyber criminals intercept and modify the conversation between two devices. ARP is the protocol a device uses to find the MAC address that belongs to a known IP address, so whenever one device wants to reach another on the local network it uses ARP to look up that MAC address. In ARP spoofing, cyber criminals forge these ARP packets.
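Because a poisoner has to keep re-asserting a forged IP-to-MAC mapping, a defender can spot the attack from the ARP replies seen on the network: the gateway's IP suddenly resolves to a new MAC, and that MAC usually claims more than one IP. The following detector is an added example written for this article (not code from the original page); the ARP replies it checks are constructed sample data.

```python
"""Detect ARP poisoning from a stream of ARP replies (added example).

Each record is (sender_ip, sender_mac): the mapping that one ARP reply
asserts. A legitimate host keeps one MAC per IP; a poisoner claims an
IP (typically the gateway's) with its own MAC, so the IP's MAC flips,
and one MAC often ends up claiming several IPs at once.
"""
from collections import defaultdict

# Constructed sample: 192.168.1.1 is the gateway; from the fourth reply on,
# the host at 192.168.1.20 claims the gateway's IP with its own MAC.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:20"),   # forged: gateway IP, attacker MAC
    ("192.168.1.1", "aa:bb:cc:00:00:20"),   # poisoners repeat the forged reply
]


def detect_arp_poisoning(replies):
    """Return a list of alert strings; an empty list means no conflict seen.

    Flags (1) an IP whose MAC differs from the one first learned and
    (2) a MAC that claims more than one IP. Each condition is reported
    once. A genuine NIC replacement also trips check (1), so treat an
    alert as a lead to verify, not proof of attack.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        known = ip_to_mac.get(ip)
        if known is None:
            ip_to_mac[ip] = mac          # first sighting: learn the mapping
        elif known != mac:
            msg = f"IP {ip} moved from {known} to {mac}"
            if msg not in alerts:
                alerts.append(msg)
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            msg = f"MAC {mac} claims multiple IPs: {sorted(mac_to_ips[mac])}"
            if msg not in alerts:
                alerts.append(msg)
    return alerts


if __name__ == "__main__":
    for line in detect_arp_poisoning(SAMPLE_ARP_REPLIES):
        print("ALERT:", line)
```

On a real network the replies would come from a packet capture or from periodic reads of the ARP table, with the gateway's mapping pinned as a known-good baseline.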
In wi-fi eavesdropping, cyber criminals set up a public wi-fi network with a name that sounds legitimate, for instance the name of a nearby business, to make it look as if that business is offering free wi-fi.
Once the victim connects to the wi-fi, cyber criminals can monitor the victim's online activity and intercept personal information such as login credentials, bank account details, card information, and much more.
When visiting a website, "HTTPS" in the URL tells us the website is using a secure connection; the final "S" stands for "Secure". However, a malicious actor can trick the user into thinking they are visiting a trusted website when they are not. To do this, cyber criminals register a domain name that impersonates the legitimate domain and also obtain an SSL certificate for it, so the fake website appears legitimate and secure.
Just as cyber criminals target the websites of reputed brands, they can target the email accounts of financial firms. Once they gain access, they can monitor the transactions between a customer and the firm. Furthermore, hackers can spoof the firm's email domain to send fake instructions to customers and extract money.
When a user connects to an unsecured server over HTTP, the server often redirects them to its secure HTTPS version. In SSL stripping, cyber criminals intervene in this HTTP-to-HTTPS redirection and place themselves between the user and the server, so they can intercept all the sensitive information passed between the two.
How to Prevent Man in the Middle Attack?
So, how do we prevent this attack from stealing our valuable information? There are several ways to defend against man-in-the-middle attacks; some of them are listed below:
- An organization should implement a cyber security policy that restricts employees from using public networks for official work.
- Create an internal private network for official use.
- Make sure your employees only visit websites that show HTTPS in the URL bar.
- Set up a strong password policy; strong passwords combine upper- and lower-case letters with symbols and numbers.
- Implement multi-factor authentication so that you get an alert notification when someone tries to log in to the account.
- Educate your employees so they are aware of such cyber attacks and can avoid them.
- Defend your email domain against forgery by monitoring SPF and DKIM, two email authentication protocols. Tools such as KDMARC come in handy for this.