So much of what we do as businesses in this digital age is based on trust. Our clients place their trust in us to provide services and deliver on our promises. Our humans place trust in each other, in their colleagues, in their leadership, in their company as a whole to provide the support, salary and fulfilment that they need from their jobs. And as business, we trust our partners and our suppliers to support us in turn. Without trust, no business would be able to operate effectively.
But it’s this very trust that attackers often use to their own advantage. And a perfect example of this is with a Man in the Middle attack, where a cybercriminal takes the trust that you place in websites, colleagues and your technology, and turns it on its head.
What is a Man in the Middle Attack?
If you grew up in South Africa, it’s highly likely that in your childhood you played a game called Piggy in the Middle. If you grew up in the States, you may know it as Keep Away. Basically, a ball gets thrown between two people, and someone stands in the middle trying to catch it. And the fundamentals of a Man in the Middle (or MITM) attack work in the same way.
You are trying to send data – to a network, cloud solution, website or contact – and someone is ‘standing’ in the middle, trying to intercept the information. If they manage to ‘catch’ the data that you’re transmitting, from there they can use it in a number of different ways.
If you were trying to visit a trusted website, an attacker can redirect you to an almost identical ghost site of their own creation, encouraging you to login. Only, your login details won’t be sent to the site you intended. They’ll be sent to the attacker instead, providing them with access to your accounts.
If you were trying to send an email, they could reply, impersonating the contact that you were trying to get in touch with. From there, they could use the trust that you place in the person you think you’re speaking to, which could lead to deposit fraud, phishing mails, social engineering, and more.
As you can tell from the Man in the Middle attack definition, the consequences are a lot direr than the average game of Piggy in the Middle.
How does MITM work?
Now that you know a little bit more about what a Man in the Middle attack in cyber security entails and how they can impact your business, you may be wondering how exactly an attacker can intercept your data or, in essence, how they come to be in the middle.
One common MITM attack example is when attackers take advantage of insecure wireless networks. Because public Wi-Fi networks are usually designed to allow anyone internet access, they are often less secure. Some of them won’t be password protected, for example, which make the networks easier for users to connect to, but also make them more vulnerable to attack. This is what makes them such an ideal platform for a Man in the Middle attacker – they can gain access to the network and can eavesdrop on traffic that is being sent across it, all without anyone being aware of their presence.
From there, they wait until they have the right target. Who the right target may be will depend on what their intentions are. In one man in the middle attack example, cybercriminals who formed part of the DarkHotel group took advantage of insecure hotel wireless networks to gain personal information and user credentials for politicians and government officials, even installing ransomware onto their devices to gain further access down the line.
But just because DarkHotel targeted prominent figures in particular, that doesn’t mean that the average user is safe and sound. Any user’s credentials can be taken advantage of, giving attackers access to, for example, company platforms or email addresses, which can then be used to gain further access or commit deposit fraud.
What are the types of MITM Attacks?
If you’ve read this far, you’ve likely noticed that there are a number of different ways a Man in the Middle attack can take place. From Wi-Fi eavesdropping, to email interception, to IP or DNS spoofing, it’s important to understand where your vulnerabilities lie, to ensure that you are protecting yourself as thoroughly as possible. These Man in the Middle attack examples will help you with MITM attack prevention:
- Wi–Fi Eavesdropping
Of all the different types of MITM attacks, Wi-Fi eavesdropping is the most popular. This is where an attacker will either gain access to data that is transferred across an unsecured wireless network, or even set up their own wireless network, encouraging users to access it, and monitoring their actions while they’re connected.
- Email Hijacking
It all starts with an email being intercepted. Whether it’s over an insecure wireless network, or thanks to an email address being hacked, the result is the same. Once an attacker has access to all of the communication between two people, it’s all too easy for them to simply redirect a mail, changing some of the details within, to ensure that a payment intended for one recipient is transferred to a different bank account instead. This is known as deposit fraud, and a Man in the Middle attack is one of the leading causes, since the mails and invoices look identical to what the real company or individual would send.
- DNS and IP Spoofing
You think you’re on the right site. You typed in the domain name, and everything looks as it should. But when you type in your username and password, nothing happens. Or it throws an error.
What’s really happened is known as DNS or IP spoofing, where an attacker has made their own copy of a popular site, like Facebook, PayPal or FNB, and has redirected your traffic to their own version, rather than the real thing. These websites are designed to fool even those who work for the companies. They are practically identical to what you’d expect to find, making it exceptionally difficult to recognise when DNS or IP addresses have been spoofed, and you’re on the wrong site.
But, once again, there are often small hints that can help you avoid a Man in the Middle attack. For example, the site is less likely to be secured, indicated by an HTTPS in the URL and a lock in your browser’s search bar. There may be small spelling or grammatical errors, or the formatting may not be quite right.
How Can You Prevent a Man In The Middle Attack?
With so many different ways that a Man in the Middle attack can take place, is there any way that you can protect yourself against them? There are certainly MITM protection measures that will make it more difficult for attackers to intercept your traffic and communications, or to log into your accounts even if they manage to get your user credentials. Let’s take a look at just 5 Man in the Middle attack prevention techniques:
1. Don’t Use Public Wi-Fi
I know, I know. It’s extremely convenient to log in while you’re at a café and check your emails. And when the café or hotel or conference centre isn’t charging you for data, what a treat! But without knowing how the wireless network is set up, and without your data being secured or encrypted, the risk of a Man in the Middle attack is just too great to chance it.
2. Do Use A VPN
The one exception to the rule of not using public Wi-Fi is when you have access to a VPN. This adds a layer of protection to any data that you transmit over the network, placing the information security in your own hands, rather than those of the café owner.
3. Do Use Windows Defender
A security tool like Defender for Microsoft 365 is so much more than just an anti-virus. It is a critical email security tool that scans emails, warning you before you open unverified attachments or potentially malicious links. If can also help you to…
4. Train Your Teams
One of the best defences that you have against cyberattacks, Man in the Middle attack or otherwise, is training. If your teams are well trained, understanding what various attacks involve and how they can protect themselves against them, then they are in a far better position to keep their own devices secure, and to protect your business as well.
5. Put Multi-Factor Authentication In Place
With MFA enabled, even if an attacker does gain access to your login credentials, they still won’t be able to get into your account. A password will be sent to your phone or email address, or you may be asked for your fingerprint, before you’ll be able to successfully log in. And this extra step may seem like a small one, but it’s a layer of protection that a Man in the Middle attacker is likely to have access to.
How Can Solid Systems Help?
That training that I mentioned earlier? The tools like Microsoft Defender for Microsoft 365 and multi-factor authentication? These are just part of the comprehensive IT support that we provide as part and parcel of our Managed IT services.
Your cyber security makes all the difference to us. At Solid Systems, we have a thorough understanding of the types of cyber attacks that are out there, including how to avoid and detect a Man in the Middle attack, and are dedicated to making sure that businesses like yours are protected against them. From pro-active monitoring of networks and servers to restrict unauthorised access, to secure cloud storage services, to disaster recovery plans that make sure you’re covered if anything ever does go wrong. When you work with Solid Systems, you can trust that you’re in good hands, with IT pros who are always upskilling themselves and keeping themselves up to date with the latest technologies, best practices and security techniques.
So what are you waiting for? Whether you’re looking for an IT company in Johannesburg, an IT company in Cape Town, an IT Company in South Africa in general, or an international IT company that you can trust, get in touch with us today and find out how we can help you step confidently into the future.