What is a Man in the Middle Attack (MitM)?
This Can Be Used To Hijack Your Browser And Capture Your Sensitive Data!
A man-in-the-middle (MitM) attack is a general term for when a cybercriminal positions himself in a conversation between a user and an application or website – either to eavesdrop or to impersonate one of the entities, making it appear as if a normal exchange of information is underway, such as between the user’s browser and a website.
The goal of an attack is to steal personal information, such as login credentials, account details, or credit card numbers.
Targets are typically the users of financial applications, bank websites, SaaS business sites, e-commerce sites, or other websites where logging in is required. Banking websites are a primary target.
Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change (account takeover).
Additionally, it can be used to gain access for a more advanced cyber attack, such as for a data breach.
Broadly speaking, a MitM attack is the equivalent of a mailman opening your bank statement, writing down your account details, and then resealing the envelope and delivering it to your door.
How Do Man In The Middle Attacks Work?
The most common way of carrying out a MitM attack is a passive attack in which the cybercriminal sets up a free, malicious WiFi hotspot available to the public.
These are typically named to fool their victims. They may be named in a way that corresponds to their location, but they typically aren’t password protected. Once a victim connects to such a hotspot, the hacker gains full visibility into any online data exchange and may be able to deliver malware for installation on the victim’s device.
Insecure networks remain a serious mobile device threat. Attackers can intercept traffic through man-in-the-middle (MitM) attacks, or lure anyone into using rogue Wi-Fi hotspots or access points.
Although the risks of public Wi-Fi are becoming well known, convenience trumps policy—even common sense—for many users. Some organizations are trying to prevent this by implementing Wi-Fi-specific policies, but inevitably, rules will be broken.
One of the most dangerous network threats is the interception of traffic, or MitM. This is often done through rogue access points, which take advantage of familiar and trusted public Wi-Fi names (SSIDs). Users may see the name of a legitimate company or brand and connect to it without a second thought.
While some rogue hotspot names are obviously misspelled (e.g., Starbuckz), many look perfectly legitimate. And users might have the access point already stored in their device, causing it to connect automatically.
That might sound like something out of a spy movie, but it’s more prevalent than SQL injection (SQLi)-type attacks, and almost as common as phishing—but it gets far less press; maybe it needs a better agent?
Seventy-two percent of organizations said they’re concerned about MitM attacks. Of those, 23% don’t feel prepared. Not to mention the public which has very little idea that this is a thing!
The Dangers of Wi-Fi
Rogue or insecure hotspots
Not all access points can be trusted—even those carrying the name of a trusted business or brand. The risk of insecure hotspots may be greater than companies realize. Twenty percent of organizations that suffered a mobile compromise said that a rogue/insecure Wi-Fi hotspot was involved.
According to Wandera, employees connect to an average of 24 Wi-Fi hotspots per week. It also found that 7% of devices encounter a hotspot that presents a low-to-medium severity risk, and 2% encounter one rated as a high risk—one known to be affected by MitM, or a protocol attack like SSL Strip.
Overall, the average mobile device connects to two to three insecure Wi-Fi hotspots per day. The most common settings are retail, hospitality, and transportation hubs, including airports.
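The rogue-hotspot signs described above (a network that is not password protected, a name that is a near miss for a trusted one such as "Starbuckz", a trusted name offered with weaker security than expected) can be checked against a list of nearby networks. The Python below is an added example, not part of the original article; the trusted-name list, the scan records and the function names are assumptions constructed for illustration.

```python
import difflib

# Assumption: names users are told to trust and the security each legitimate
# network is known to use. All values here are constructed for the example.
TRUSTED = {"Starbucks WiFi": "open", "AcmeCorp-Staff": "wpa2"}

def normalize(ssid):
    """Fold case and drop punctuation so spacing tricks do not hide a match."""
    return "".join(ch for ch in ssid.lower() if ch.isalnum())

def assess(scan, trusted=TRUSTED, threshold=0.8):
    """Map each BSSID to the reasons a user should be cautious about it."""
    findings = {}
    for net in scan:
        reasons = []
        if net["security"] == "open":
            reasons.append("open")  # not password protected
        for name, expected in trusted.items():
            score = difflib.SequenceMatcher(
                None, normalize(net["ssid"]), normalize(name)).ratio()
            if net["ssid"] == name:
                # A matching name proves nothing by itself; only a weaker
                # security mode than expected can be detected here.
                if expected != "open" and net["security"] == "open":
                    reasons.append("downgrade:" + name)
            elif score >= threshold:
                reasons.append("lookalike:" + name)
        if reasons:
            findings[net["bssid"]] = reasons
    return findings

# Constructed scan results (not from the article).
SAMPLE_SCAN = [
    {"ssid": "Starbuckz WiFi", "bssid": "02:00:00:00:00:01", "security": "open"},
    {"ssid": "Starbucks WiFi", "bssid": "02:00:00:00:00:02", "security": "open"},
    {"ssid": "AcmeCorp-Staff", "bssid": "02:00:00:00:00:03", "security": "wpa2"},
    {"ssid": "AcmeCorp-Staff", "bssid": "02:00:00:00:00:04", "security": "open"},
    {"ssid": "acme corp staff", "bssid": "02:00:00:00:00:05", "security": "wpa2"},
]

if __name__ == "__main__":
    for bssid, reasons in assess(SAMPLE_SCAN).items():
        print(bssid, ", ".join(reasons))
```

A network that passes these checks is not thereby safe: an access point using the exact trusted name and expected security mode cannot be told apart from the real one by name alone.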
Man In The Middle Attack Prevention
Blocking these attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for their applications.
FOR USERS, THIS MEANS:
- Avoid WiFi connections that aren’t password protected.
- Pay attention to browser notifications reporting a website as being unsecured (not HTTPS).
- Log out of a secure application when not in use.
- Avoid using public WiFi networks (such as coffee shops, hotels, and airports) when conducting sensitive transactions.
- Report suspicious WiFi to the local business to see if they are aware of it.