Preventing Man-in-the-Middle Attacks

Prevention is key for man-in-the-middle attacks. When it comes to cyber security, sometimes the jargon can feel overwhelming. Ransomware, encryption, man-in-the-middle attacks… The Vaporstream blog has covered ransomware and encryption in the past, so today I wanted to focus on what are called man-in-the-middle (MITM) attacks.

So, what exactly are these man-in-the-middle attacks? Basically, it’s a case where two people are communicating and a third person has access to those two people’s communication. A simple way to explain MITM is to think about it in the context of snail mail. Imagine that you’re sending a letter to invite a friend to dinner. You happen to have a very nosy mailman who opens the letter and reads it.

The mailman’s a bit of a mischief maker, so it doesn’t stop there. He decides to rewrite the letter, telling your friend that the dinner is actually on a different night. He re-seals the letter and puts it back in the mailbox. Your friend receives the letter, and neither you nor the friend knows that anything’s out of the ordinary until your friend shows up two days early for dinner.

A simplistic example, but this is exactly how a man-in-the-middle attack works. In this day and age, it refers to a situation where online communications are intercepted by an outside entity. The attacker may simply read the communications, alter them for the recipient, or make them disappear so that they are never received. This can occur in email, social media or web surfing, and these attacks are among the most common kinds of attacks. They can be especially destructive because the victim is typically not aware of the attack during the incident and sometimes not even after it has occurred.

How Man-in-the-Middle Attacks Occur: The Wi-Fi Approach

A common way that MITM attacks occur is through Wi-Fi connections. When was the last time you logged into an unsecured Wi-Fi network? If you travel and stay in hotels or visit coffee shops regularly, chances are it was pretty recently.

Hackers often launch MITM attacks by setting up legitimate-sounding but fake wireless access points in a public location where people constantly access Wi-Fi, like your favorite coffee shop. When you connect to that network, the hacker can access your devices and read your traffic. Once in, the hacker can steal your browser cookies, which might include your online activity, login credentials, and pre-filled form data. If you use email from a web browser, the hacker will be able to access your email, giving them the ability to spy on and even alter your communications.

I know – ugh.

 

MITM and Communications

In some cases, an MITM attack might result in someone simply spying on your communications. That’s not good news: many of us use communication channels like email or even SMS text to send personal information, and a hacker might learn about an important deal, for example. In other cases, however, the hacker might modify the content being sent. This can also have disastrous effects.

Imagine that you’re discussing the confirmation of a deal with your financial officer. You ask them to withhold the funds pending confirmation. The hacker edits the email you’ve sent to change the word ‘withhold’ to ‘release’. Or the hacker causes the email to disappear altogether so that your financial officer never even receives critical information related to the deal. These are two examples in which MITM attacks can be very damaging.

Preventing MITM Attacks: Secure Communications

MITM attacks are especially concerning because it’s hard to recognize them when they’re occurring, but you can take important steps to prevent them.

What’s absolutely critical when it comes to preventing MITM attacks and protecting sensitive information from being compromised is to always use secure communications.

  • Never use public networks for confidential matters.

  • Limit surfing on public networks to basic, non-personal tasks like checking the news.

  • Never send information over unencrypted email or text. MITM attacks are especially common in companies that do not use encrypted email because the attacker can easily see all of the email contents.

When it comes to preventing man-in-the-middle attacks, encryption is one of the most important tools you can use. All communication should be encrypted. This may mean moving away from email, which is often a less secure form of communication, and moving to more modern and secure options such as secure communications platforms.
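The edited and vanished emails from the financial officer scenario can be caught if each message carries an authentication tag and a sequence number; this added Python example (not from the original post) shows the recipient's checks. The names `seal` and `Receiver`, the sample messages and the pre-shared key are assumptions for illustration, and the sketch covers integrity only: keeping the contents private still requires encryption.

```python
import hashlib
import hmac
import json


def _tag(key: bytes, seq: int, body: str) -> str:
    """HMAC-SHA256 over the sequence number and body together."""
    payload = json.dumps({"seq": seq, "body": body}, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def seal(key: bytes, seq: int, body: str) -> dict:
    """Sender side (hypothetical helper): number the message and attach its tag."""
    return {"seq": seq, "body": body, "tag": _tag(key, seq, body)}


class Receiver:
    """Recipient side: verify the tag, then check for gaps in the numbering."""

    def __init__(self, key: bytes):
        self.key = key
        self.expected_seq = 1

    def accept(self, msg: dict) -> str:
        good = _tag(self.key, msg["seq"], msg["body"])
        # Constant-time comparison; any change to seq or body breaks the tag.
        if not hmac.compare_digest(good, msg["tag"]):
            return "REJECT: altered in transit"
        if msg["seq"] < self.expected_seq:
            return "REJECT: stale or duplicate"
        missing = msg["seq"] - self.expected_seq
        self.expected_seq = msg["seq"] + 1
        if missing:
            return f"ACCEPT: but {missing} earlier message(s) never arrived"
        return "ACCEPT"


def demo() -> list:
    key = b"constructed-demo-key"  # assumption: shared out of band beforehand
    cfo = Receiver(key)
    m1 = seal(key, 1, "Please withhold the funds pending confirmation.")
    m2 = seal(key, 2, "Confirmation is delayed until Friday.")
    m3 = seal(key, 3, "Any questions, call me.")
    # Constructed case 1: one word is swapped in transit, tag left unchanged.
    edited = dict(m1, body=m1["body"].replace("withhold", "release"))
    # Constructed case 2: m2 is dropped in transit and never delivered.
    return [cfo.accept(edited), cfo.accept(m1), cfo.accept(m3)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```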

 

To learn how Vaporstream can provide secure communications that go beyond encryption to protect your communications and help prevent man-in-the-middle attacks, contact us today.

Contributor: Kristi Perdue Hinkle