What is MITM?

A man-in-the-middle (MITM) attack is one in which the intruder secretly relays, and potentially alters, the communication between two parties who believe they are talking directly to each other. Active eavesdropping is one example: the attacker establishes separate connections with each victim and relays messages between them, so that both believe they are speaking directly with each other over a private channel while, in fact, the attacker controls the whole conversation.

To do this, the intruder must be able to intercept all relevant messages passing between the two victims and inject new ones. In some situations this is straightforward; for example, an attacker within range of an unencrypted wireless access point (Wi-Fi) can insert themselves as a man-in-the-middle.

How does it work?

The MitM attack is one of the oldest forms of cyber-attack. Since the early 1980s, computer scientists have been researching ways to prevent attackers from tampering with or eavesdropping on communications.

Depending on the attacker's aim, MitM can encompass a wide variety of techniques and outcomes. For example, SSL stripping occurs when an attacker establishes an HTTPS connection with the server but an unprotected HTTP connection with the user, so that the user's data is transmitted in clear text without encryption. Evil Twin attacks use access points that look and behave like legitimate Wi-Fi hotspots but are completely controlled by malicious actors, who can then monitor, store, and exploit all data sent by the user.

These attacks may be carried out for espionage, financial gain, or simply to cause disruption. The harm done ranges from minor to severe, depending on the attacker's objectives and their ability to cause damage.

While most Wi-Fi or physical network attacks require proximity to the user or the targeted network, routing protocols can also be abused remotely. An attacker announces to the internet that they are the owner of IP address ranges that belong to someone else; if the announcement is accepted, traffic for those addresses is routed to the attacker, who can once again perform man-in-the-middle operations.

Types of MITM

Cybercriminals use MITM attacks to gain control of devices in a variety of ways.

SSL hijacking

When you connect to an unsecured server (indicated by the "HTTP" prefix in the address), the server can redirect you to the secure version (indicated by "HTTPS"). When you connect to a secure server, you can be assured that basic authentication measures are in place to protect the information you exchange with it.

Secure Sockets Layer (SSL) is a protocol that creates secure connections between your browser and the server.

SSL hijacking occurs when an attacker uses another computer together with a secure server of their own to intercept the data flowing between the legitimate server and the user's computer.
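The defence against SSL hijacking on the client side is certificate verification: the browser or client must refuse a server whose certificate does not chain to a trusted authority or is not issued for the hostname it connected to. The following example is added here and is not code from the original article. It uses Python's standard ssl module to build a properly verifying client context, contrasts it with the common "turn verification off" anti-pattern, and audits a context for the settings that an intercepting host would otherwise exploit. The function names are the author's own choice.

```python
import ssl
import socket


def strict_client_context() -> ssl.SSLContext:
    """Client context that verifies the certificate chain and the hostname.

    create_default_context() loads the system trust store and enables
    CERT_REQUIRED and check_hostname, so a server presenting a certificate
    issued for a different name, or signed by an untrusted CA, fails the
    handshake instead of silently becoming a man-in-the-middle.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


def weak_client_context() -> ssl.SSLContext:
    """The anti-pattern: verification disabled 'to make the error go away'.

    check_hostname must be cleared before verify_mode can be set to CERT_NONE.
    Any host that can intercept the connection is accepted as the server.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return a list of findings describing why a context is unsafe (empty if fine)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate (check_hostname=False)")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions allowed (minimum_version < TLSv1_2)")
    return findings


def fetch_certificate_subject(host: str, port: int = 443) -> dict:
    """Connect with the strict context and return the peer's certificate subject.

    Not exercised offline; shown only to illustrate how the context is used.
    A hijacked connection raises ssl.SSLCertVerificationError here.
    """
    ctx = strict_client_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return dict(x[0] for x in tls.getpeercert()["subject"])


if __name__ == "__main__":
    print("strict:", audit_context(strict_client_context()) or "no findings")
    print("weak:  ", audit_context(weak_client_context()))
```

The order of the two assignments in weak_client_context is deliberate: the ssl module refuses to set CERT_NONE while hostname checking is still enabled, which is a useful hint that the two settings are meant to stay on together.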

IP spoofing

Every computer that connects to the internet is assigned an internet protocol (IP) address, which is comparable to your home's street address. By spoofing an IP address, an attacker can fool you into believing you are dealing with a website or a person you are not, potentially gaining access to information you would not otherwise disclose.

Email hijacking

The email accounts of organizations are a frequent target of cybercriminals. Once they have gained access, they monitor everything that passes between the organization and its clients. The attackers then issue their own instructions to the clients while spoofing the organization's email address, persuading the client to follow the attackers' instructions instead of the organization's.

DNS Spoofing

DNS spoofing, also known as domain name server spoofing, is a tactic that directs a user to a fraudulent site rather than the one they intended to visit. If you are a victim of DNS spoofing, you may believe you are visiting a secure, trustworthy website when you are really dealing with a scammer. The attacker's aim is to divert traffic away from the legitimate site or to obtain the user's login details.
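Resolvers limit the damage of spoofed DNS answers by only accepting a response that matches an outstanding query: same transaction ID, a response flag set, and the same question section, with answers that belong to the name that was asked for. The following example is added here and is not part of the original article; it is a small, self-contained DNS message builder and parser (a subset of RFC 1035 wire format, handling only A records and basic name compression) that applies exactly those checks to constructed messages. The sample names and addresses are constructed from reserved documentation ranges.

```python
import struct

# Constructed sample values (documentation names and addresses, not real hosts).
QUERY_ID = 0x1234
QNAME = "example.com"
GOOD_IP = "192.0.2.10"
BAD_IP = "203.0.113.5"


def _encode_name(name: str) -> bytes:
    """Encode 'a.b.c' as DNS labels: length-prefixed, zero-terminated."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def _decode_name(msg: bytes, offset: int):
    """Decode a name at offset, following one level of compression pointers."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels) + ".", offset + 1
        if length & 0xC0 == 0xC0:  # two-byte pointer into the message
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            tail, _ = _decode_name(msg, pointer)
            return ".".join(labels + [tail.rstrip(".")]) + ".", offset + 2
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def build_query(txid: int, qname: str, qtype: int = 1) -> bytes:
    """Standard query: flags 0x0100 (recursion desired), one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, qname: str, ip: str, qtype: int = 1) -> bytes:
    """Response with one A record whose owner name points back at the question."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return header + question + answer


def parse_message(msg: bytes) -> dict:
    """Parse header, question section and answer section of a DNS message."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    questions, answers = [], []
    for _ in range(qdcount):
        name, offset = _decode_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name.lower(), qtype, qclass))
    for _ in range(ancount):
        name, offset = _decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        answers.append((name.lower(), rtype, msg[offset:offset + rdlen]))
        offset += rdlen
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "questions": questions, "answers": answers}


def response_matches_query(query: bytes, response: bytes) -> bool:
    """The acceptance checks a resolver applies before trusting an answer."""
    q, r = parse_message(query), parse_message(response)
    if not r["is_response"] or r["id"] != q["id"]:
        return False            # wrong transaction ID or not a response at all
    if r["questions"] != q["questions"]:
        return False            # answers a different question than we asked
    asked_name = q["questions"][0][0]
    return all(name == asked_name for name, _, _ in r["answers"])


if __name__ == "__main__":
    q = build_query(QUERY_ID, QNAME)
    print("legitimate:", response_matches_query(q, build_response(QUERY_ID, QNAME, GOOD_IP)))
    print("wrong id:  ", response_matches_query(q, build_response(0x9999, QNAME, BAD_IP)))
```

Matching the transaction ID is only a 16-bit check, which is why real resolvers also randomise the UDP source port and why DNSSEC validation exists; this example shows the minimum a client must do before acting on an answer.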

Wi-Fi eavesdropping

Cybercriminals may set up Wi-Fi networks with names that look entirely legitimate, such as the name of a nearby business. When a user connects to such a network, the attacker can monitor the user's online activity and steal login credentials, credit card details, and other sensitive information. This is one of the many dangers of using public Wi-Fi.

Stealing browser cookies

To comprehend the dangers of stolen browser cookies, you must first comprehend what they are. A browser cookie is a tiny piece of data stored on your computer by a website.

An online retailer, for example, may save your personal details and the contents of your shopping cart in a cookie so that you do not have to re-enter them when you return.

These web cookies may be hijacked by a cybercriminal. Since cookies save details from your login session, hackers may access your passwords, address, and other sensitive data.

HTTPS spoofing

When doing business over the internet, "HTTPS" rather than "HTTP" in the URL indicates that the connection to the website is encrypted and authenticated; the "S" stands for "secure." In HTTPS spoofing, an attacker deceives your browser into thinking it is accessing a secure website when it is not. By redirecting your browser to an unsecured site, the intruder can monitor your communications with the website and potentially steal the personal details you share.

Man in the middle attack prevention

Blocking MITM attacks requires a combination of encryption and authentication methods in applications, together with a number of practical precautions on the part of users.

For users:

Make sure the URL bar of the websites you visit still says “HTTPS” (with the S).

Be wary of phishing emails from attackers asking you to change your password or other login credentials. Rather than clicking a link or attachment in the email, type the website's address into your browser yourself.

Where practicable, avoid connecting directly to public Wi-Fi access points. When you do use public Wi-Fi, a VPN encrypts your connection to the internet and so protects the private data you transmit, such as passwords and credit card numbers.

Install a robust internet security solution on your device, because MITM attacks frequently rely on malware to get established.

Make sure your home Wi-Fi network is secure. Change all the default usernames and passwords on your home router and on every connected device to something stronger and unique.

For website operators:

By robustly encrypting and authenticating transmitted data, secure communication protocols such as TLS and HTTPS help mitigate spoofing attacks. This protects web traffic from being intercepted and prevents confidential data, such as authentication tokens, from being decrypted.

It is recommended that applications use SSL/TLS to encrypt all pages on their website, not just those that enable users to log in. This reduces the risk of an intruder harvesting session cookies from a logged-in user surfing on an unsecured portion of a site.
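A site operator can check the two properties discussed above (every page served over TLS, and session cookies that are never exposed on an unencrypted connection) directly from the HTTP response headers. The following example is added here and is not part of the original article. It audits a raw response for the Strict-Transport-Security header, which instructs browsers to refuse plain HTTP for the site (a mechanism the article does not name but that enforces its "HTTPS on every page" advice), and for session cookies missing the Secure, HttpOnly and SameSite attributes. The two sample responses are constructed; the thresholds and function names are the author's choices.

```python
import re
from typing import List, Tuple

# Constructed sample responses, not captured from any real site.
WEAK_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/
"""

HARDENED_RESPONSE = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

ONE_YEAR = 31536000  # commonly recommended minimum HSTS max-age, in seconds


def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw response into its status line and (lowercased name, value) pairs."""
    lines = raw.strip().splitlines()
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def audit_cookie(set_cookie: str) -> List[str]:
    """Flag a Set-Cookie value that a man-in-the-middle or injected script could read."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"cookie {name!r} lacks Secure: browser sends it over plain HTTP too")
    if "httponly" not in attrs:
        findings.append(f"cookie {name!r} lacks HttpOnly: readable by script on the page")
    if "samesite" not in attrs:
        findings.append(f"cookie {name!r} lacks SameSite: sent on cross-site requests")
    return findings


def audit_hsts(headers: List[Tuple[str, str]]) -> List[str]:
    """Flag a missing or short-lived Strict-Transport-Security policy."""
    values = [v for n, v in headers if n == "strict-transport-security"]
    if not values:
        return ["no Strict-Transport-Security: a stripped http:// visit is still accepted"]
    match = re.search(r"max-age\s*=\s*(\d+)", values[0], re.IGNORECASE)
    if match is None:
        return ["Strict-Transport-Security has no max-age directive"]
    if int(match.group(1)) < ONE_YEAR:
        return [f"Strict-Transport-Security max-age {match.group(1)} is below one year"]
    return []


def audit_response(raw: str) -> List[str]:
    """Combine the HSTS and cookie checks into one list of findings (empty if clean)."""
    _, headers = parse_headers(raw)
    findings = audit_hsts(headers)
    for name, value in headers:
        if name == "set-cookie":
            findings.extend(audit_cookie(value))
    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(f"{label}: {audit_response(raw) or 'no findings'}")
```

The Secure attribute is the direct counterpart of the advice above: a cookie without it is transmitted whenever the browser is lured onto an http:// page of the same site, which is exactly the cookie-harvesting scenario the previous paragraph warns about.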

Add multi-factor authentication, network visibility and control, and network segmentation.

It is better to prevent an attack than to try to recover from one, particularly an attack that is difficult to detect. Because these attacks are inherently stealthy, many conventional defensive appliances fail to detect them at first.

