Around the world today there is a tangible change occurring, with individuals, companies and governments alike beginning to understand their cyber-safety responsibilities, and propagate better cyber awareness for everyone. However, data from Australia’s Notifiable Data Breaches scheme has indicated that we still have a long way to go. Indeed, over the course of the year, the Office of the Australian Information Commissioner was notified of 964 data breaches, with around 35% being attributed to human error.
A good proportion of these statistics could likely come down to a sense of false confidence among Australians, who believe that a complicated password or a fancy device will be enough to prevent them from falling victim to a cyberattack. However, making this assumption is costing individuals and businesses dearly.
It is important to remember that often, the best protection against cyber-attacks is education and awareness.
What is a Man In The Middle Attack?
A “Man In The Middle” attack (MITM) has three key players: the primary victim, the entity the victim is communicating with, and the bad guy (“the man in the middle”). It is essentially an advanced form of eavesdropping, whereby the hacker takes position between the two victims and intercepts the communication traffic between them. The hacker is then able to read the traffic and pass it on without anyone noticing it has been read. Often, the attacker will take a further step by tampering with or modifying the communications. These MITM attacks enable hackers to steal login credentials and personal information, spy on victims, sabotage communications, corrupt data and more.
There are many varieties of MITM attacks, with the most common outlined below:
The Wi-Fi Attack
The traditional form of MITM attacks, this method involves gaining access to an unsecured Wi-Fi router or setting up a fake Wi-Fi connection, then using it to lure unsuspecting victims. Once victims are connected, the hacker can then deploy further tools that will intercept and decrypt the victims transmitted data. The weak Wi-Fi connections that fall prey to this technique are commonly found in public areas – places with free Wi-Fi hotspots or people’s homes. Hackers can easily locate victims by scanning routers to search for vulnerabilities such as weak passwords.
The Wi-Fi attack can then lead to further cyber-attacks, such as the insertion of tools between the victim’s device and the websites they are visiting, meaning the ability to capture login credentials, banking details and more.
The Browser Attack
Using the well-known method of phishing, MITM attackers can inject malicious software into a victim’s device by sending an email or message to a victim from what appears to be a trusted source such as a bank or a co-worker. However, when the victim interacts with the attachment, malware will be loaded onto the device and will record and transmit the victim’s data to the attacker. Interestingly, in the past year, 153 of the notified breaches around Australia were attributed to phishing.
Email Hijacking
In this method, the hacker targets certain victims and gains access to their email account. Once there, they will silently monitor the correspondence and wait for the perfect moment to intervene. When this moment arrives, they will disguise themselves and slip into a conversation in order to redirect the victim, usually with the aim of having the victim give personal information or money to them rather than the legitimate recipient.
Other forms of MITM attacks include:
- IP Spoofing
- DNS Spoofing
- HTTPS Spoofing
- SSL Hijacking
- Session Hijacking
These attacks have been around for decades, their methods have been tested and refined over the years and their simplicity and human element rarely fail. Despite repeated lessons, people have failed to heed the warnings. In 2017, security researchers found that various banking applications including those of HSBC, Bank of America and Meezan Bank, contained a significant MITM security flaw.
Indeed, just this month an elaborate MITM attack was uncovered, involving a Chinese venture-capital firm and an Israeli startup company, with the attacker stealing a whopping $1 million from a wire transfer between the two.
Going Forward
As cyber threats continue to evolve into sophisticated and widespread attacks, it is vital to take a step back from the technicalities and remember the vital element that many of these attacks rely heavily on to succeed: human error and negligence. Breaking down cybercrime and stripping away the jargon, it can be very simple to protect yourself from attacks by remaining constantly vigilant, educated and informed about traditional techniques, new methods and the common signs of cybercrime. It is not only your responsibility, but also in your interest to do so.
That is why cybersecurity professionals such as Agilient provide in-depth training courses. At Agilient, we offer a course in “Increasing Cyber Security Awareness” (AGINFOSEC001), which addresses various aspects of cybersecurity, including physical and personnel security as they relate to securing data and networks. Other courses, such as “Managing the Insider Threat” (AGILPERSEC001), look at other areas of your company that may leave you vulnerable to cyber threats such as MITM attacks. Security consultants are also experts in analysing your business and locating its weaknesses before the bad guys do, by offering services such as Security Audits and Penetration Testing.
To help your organisation stay informed and fortified from the ground up, contact Agilient today for a consultation with the experts.
Author: Elsa Chapple, Agilient Consultant