Recent Posts

*What is a Man-in-the-Middle Attack*

A MITM attack happens when a communication between two systems is intercepted by an outside entity. This can happen in any form of online communication, such as email, social media, web surfing, etc. Not only are they trying to eavesdrop on your private conversations, they can also target all the information inside your devices.

Taking away all the technicalities, the concept of an MITM attack can be described in a simple scenario. Imagine being brought back to the days of old when snail mail was rife. Jerry writes a letter to Jackie expressing his love for her after years of hiding his feelings. He sends the letter to the post office and it’s picked up by a nosy mailman. He opened it and, just for the hell of it, he decided to rewrite the letter before delivering the mail to Jackie. This results in Jackie hating Jerry for the rest of her life after “Jerry” called her a fat cow. The moral of the story is the mailman is a jerk, and so are hackers.

A more modern example would be a hacker sitting between you (and your browser) and the website you’re visiting to intercept and capture any data you submit to the site, such as login credentials or financial information.

*How Does a Man-in-the-Middle Attack Work?*

Over the years, hackers found various ways to execute MITM attacks and believe it or not, it has become relatively cheap to buy a hacking tool online, just proving how easy hacking someone can be if you have enough money. Here are some common types of MITM attacks your business will most likely encounter:

Email Hijacking
Similar from the case above, hackers who use this tactic target email accounts of large organizations, especially financial institutions and banks. Once they gain access to important email accounts, they will monitor the transactions to make their eventual attack a lot more convincing. For example, they can wait for a scenario where the customer will be sending money and respond, spoofing the company’s email address, with their own bank details instead of the company’s. This way, the customer thinks they’re sending their payment to the company, but they’re really sending it right to the hacker.

It’s not just large companies that can fall victim to this type of attack. A similar situation happened to London’s Paul Lupton. After selling his home, he emailed his bank account details to his solicitor to collect the over £333,000 proceeds, unaware that hackers had accessed his email and were monitoring communications. Seeing a golden opportunity, the hackers quickly sent another email to the solicitor under Lupton’s name saying to disregard the previous email and send to another (hacker-owned) account instead. The transfer went through to the hacker’s account, but fortunately Lupton quickly realized what happened and was able to recover the majority of funds. Unfortunately, most of these attacks don’t have such happy endings. 

Wi-Fi Eavesdropping
Most MITM attacks thrive on Wi-Fi connections. In one approach, hackers will set up a Wi-Fi connection with a legitimate-sounding name. All the hacker has to do is wait for you to connect and he’ll instantly have access to your device. Alternatively, the hacker can create a fake Wi-Fi node disguised as a legitimate Wi-Fi access point to steal the personal information of everyone who connects.                                                                                                                          

Session Hijacking
Once you log into a website, a connection between your computer and the website is established. Hackers can hijack your session with the website through numerous means. One popular option they use is stealing your browser cookies. In case you don’t know, cookies store small pieces of information that makes web browsing convenient for you. It can be your online activity, login credentials, pre-fill forms, and in some cases, your location. If they got hold of your login cookies, they can easily log into your accounts and assume your identity.

*How Can You Protect Your Networks from These Attacks?*

MITM attacks can really overwhelm you just by hearing its basic concept, but that doesn’t mean they are impossible to avoid. PKI technology can help protect you from some of the types of attacks we discussed above.

Secure/Multipurpose Internet Mail Extensions, or S/MIME for short, encrypts your emails at rest or in transit, ensuring only intended recipients can read them and leaving no spaces for hackers to slip their way in and alter your messages.

Additionally, S/MIME lets you digitally sign your email with a Digital Certificate unique to every person. This ties your virtual identity to your email and gives your recipients the assurance that the email they received actually came from you (as opposed to a hacker who access your mail server). You can see how this could have been helpful in the Europol example discussed earlier. While the hackers had access to the companies’ mail servers, in order to digitally sign the messages, they would have also needed access to employee private keys, which are generally securely stored elsewhere. Standardizing on digitally signing messages and educating recipients to only trust messages from your company that have been signed can help differentiate legitimate emails from those that have been spoofed.

Authentication Certificates
Hackers will never go away, but one thing you can do is make it virtually impossible to penetrate your systems (e.g. Wi-Fi networks, email systems, internal networks) by implementing Certificate-Based Authentication for all employee machines and devices. This means only endpoints with properly configured certificates can access your systems and networks. Certificates are user-friendly (there is no additional hardware to manage or much user training needed) and deployments can be automated to make things simple for IT and make them hackers split their hair, as the cool kids would say.

*What is a Man-in-the-Middle Attack* *What is a Man-in-the-Middle Attack* Reviewed by Shirley Bloggastron on 7:19 PM Rating: 5

No comments:

Note: Only a member of this blog may post a comment.


Powered by Blogger.