A man-in-the-middle (MITM) cyberattack refers to a cybercriminal eavesdropping on a digital interaction or exchange between individuals, between systems, or between an individual and a system. During an MITM incident, a cybercriminal can either eavesdrop on an interaction or pretend to be a genuine participant in the exchange. MITM cyberattacks use different strategies to manipulate targets, but the goal of these incidents is largely the same: to retrieve confidential data (e.g. bank details or login credentials) and use it to commit further crimes, such as identity theft or fraudulent transfers of money.
Although individuals are the direct targets of MITM cyberattacks, such incidents are also an acute problem for companies. After all, cybercriminals can use individuals' stolen data to compromise their workplace technology and assets (such as customer information, intellectual property, and corporate assets), which can potentially result in significant losses and business disruptions. With this in mind, it is important for companies to take action to protect their operations and employees from MITM incidents.
Man-in-the-Middle Cyberattacks Explained
A MITM incident usually occurs in two phases: interception and decryption. During the interception phase, a cybercriminal will try to gain access to the target's technology – usually via a poorly secured Wi-Fi router or a fake hotspot – and disrupt the victim's network connection. From there, the cybercriminal will be able to insert themselves into any digital interactions or exchanges that their target may have, thus establishing themselves as the "man in the middle." As a result, the cybercriminal will be able to collect confidential data that is shared during the target's interactions or exchanges, without the victim knowing.
During the decryption phase, the cybercriminal decodes all the data collected from the target, making this information readable and allowing it to be used to commit further crimes. Cybercriminals can implement a range of techniques to carry out MITM incidents, including the following:
- Internet Protocol (IP) spoofing—Every Wi-Fi-connected device has an assigned IP address that enables communication with other connected devices or networks. When a cybercriminal engages in IP spoofing, they alter the IP address so that their system impersonates a system the target trusts, which ultimately sends the victim to fraudulent websites where they may unknowingly share their data.
- Domain name system (DNS) spoofing—This tactic involves a cybercriminal modifying parts of a target's DNS server as a means of redirecting the victim's online traffic to fake websites that resemble the intended domains. If the target logs on to one of these fake websites, they will have inadvertently provided the cybercriminal with account information and associated data.
- HTTPS spoofing—HTTPS is a security protection for Internet communications that is intended to preserve data confidentiality between an individual's device and the websites they browse. Through HTTPS spoofing, however, a cybercriminal tricks the target's browser into believing that a malicious website is safe and secure, allowing the victim to access it and unknowingly share their data.
- Secure sockets layer (SSL) hijacking—An SSL certificate is a digital credential intended to authenticate the identity of a website and secure an encrypted connection. When browsing, most browsers automatically redirect individuals from insecure websites to those with SSL certificates. During SSL hijacking, a cybercriminal uses their own technology to intercept this redirect, capturing all information sent between the target's device and the web server. Afterwards, the cybercriminal will have access to all the data that the victim shares during the rest of their browsing session.
- Email hijacking—This tactic involves a cybercriminal infiltrating a target's email account, monitoring their conversations, and collecting all the data they can find in these interactions. In addition, this tactic may lead the cybercriminal to impersonate the victim via email and launch phishing scams against other affiliates (e.g. employees, customers or suppliers) to gain access to additional data or carry out fraudulent transfers of money.
- Wi-Fi eavesdropping—This tactic involves a cybercriminal creating a fraudulent public Wi-Fi connection with a seemingly genuine name, such as that of a nearby company. If a target connects to this Wi-Fi, the cybercriminal will be able to monitor the victim's online activity and collect all the data they share while connected.
- Browser cookie theft—A browser cookie is a piece of personal information that a website stores on an individual's device, such as debit card information or login information. If a cybercriminal can infiltrate a target's device, they can also gain access to its browser cookies, which jeopardizes the victim's data.
Examples of Man-in-the-Middle Cyber Attacks
A number of large-scale MITM incidents have occurred in recent years. In 2015, IT experts discovered that a malicious program known as Superfish had been pre-installed on the technology company Lenovo’s devices since 2014, affecting many individuals. This program used SSL hijacking tactics to allow cybercriminals to disrupt victims’ secure browsing sessions, direct them to fraudulent websites, and even place malicious ads within encrypted domains.
In 2017, several financial institutions identified security flaws in their mobile banking applications that had contributed to MITM incidents among customers with iOS and Android phones. These applications failed to properly verify the server's hostname against its SSL certificate, enabling cybercriminals to use fake SSL certificates to circumvent Internet security protocols and carry out MITM cyberattacks.
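The hostname check those banking apps skipped, as an added example that is not part of the original article: a TLS client must confirm that the name it connected to is covered by the certificate's Subject Alternative Names, otherwise any validly issued certificate can be used to impersonate the bank. The certificate dicts below are constructed samples in the shape returned by `ssl.SSLSocket.getpeercert()`, and the domain names are assumptions, not real sites.

```python
import ipaddress
import ssl


def _dnsname_match(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 rules).

    A wildcard is honoured only as the entire leftmost label, so
    "*.bank.example" matches "api.bank.example" but neither "bank.example"
    nor "a.b.bank.example"; "*.com" is rejected outright.
    """
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(cert: dict, hostname: str) -> bool:
    """Return True only if hostname is covered by the certificate's SANs."""
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None and kind == "IP Address":
            if ipaddress.ip_address(value) == ip:
                return True
        elif ip is None and kind == "DNS" and _dnsname_match(value, hostname):
            return True
    return False  # no SAN covers the name: refuse the connection


def hardened_client_context() -> ssl.SSLContext:
    """Client context with chain *and* hostname verification kept on.

    The weak setting behind incidents like the one above is
    ctx.check_hostname = False (or verify_mode = ssl.CERT_NONE).
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """Audit helper: does this context actually enforce both checks?"""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


# Constructed samples: a valid cert for "attacker.example" presented while
# impersonating "bank.example" must fail the hostname check.
BANK_CERT = {"subjectAltName": (("DNS", "bank.example"), ("DNS", "*.bank.example"))}
ATTACKER_CERT = {"subjectAltName": (("DNS", "attacker.example"),)}
```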
Taken together, these real-life examples show how important it is for companies to implement effective measures aimed at preventing MITM cyber attacks.
Preventing Man-in-the-Middle Cyberattacks
To avoid and minimize the effects of MITM incidents, companies should consider using these measures:
- Educate employees on safe internet browsing measures, including how to ensure a secure connection and detect potentially fraudulent websites.
- Establish a virtual private network (VPN) that employees can use for all work-related internet browsing. Prohibit employees from using public Wi-Fi connections.
- Require employees to create complex and unique account passwords, and update these passwords routinely.
- Implement multifactor authentication features on all workplace technologies. Only give employees access to sensitive information if they need it for their specific tasks.
- Encrypt sensitive business data. Make frequent backups of all important information in a safe and secure place.
- Equip workplace technology with adequate security software (e.g. antivirus software, firewalls, and endpoint detection tools). Update this software as needed to ensure it remains effective.
- Keep workplace networks properly segmented to prevent potential MITM cyberattacks and limit related harm.
- Purchase adequate cyber insurance for protection against losses that may result from MITM cyber attacks. Consult a trusted insurance specialist to discuss specific coverage needs.
We can help.
As a whole, it is clear that MITM incidents pose significant cybersecurity threats and data protection issues for all companies. However, by having a better understanding of this cyberattack method and implementing adequate preventive measures, companies can help keep MITM risks at bay.
If you want additional information and resources, we are here to help you analyze your needs and choose the right coverage to protect your business from unnecessary risks. You can download a free copy of our e-book, or if you are ready to make Cyber Liability Insurance part of your insurance portfolio, request a suggestion or download and get started with our Cyber & Data Breach Insurance Application and we will work for you.