MITM Attacks

CI&T Australia
CI&T Australia Tech Blog
2 min read · May 27, 2021

Man in the middle attacks

Phyras El Amin (Support Analyst, Masters of Cybersecurity), Transpire

A man-in-the-middle (MITM) attack is one of the oldest ways of gaining access to unauthorised information. Hackers exploit a network or device by rerouting the victim's connection to a secure site through servers they control, and then re-establishing the link to a fake site. This works like a fake bank login page that sends the data on to the real site and allows the login, while harvesting the sensitive data.

These kinds of attacks are rarely carried out remotely, as they are very difficult to establish without being in close proximity to the target. A common method is to use a DNS spoofer, tricking a device and its user into thinking they are connected to a site securely when in reality they are connected to a MITM with malicious intentions. The dangers of a MITM attack are even higher, as the introduction of the SSL protocol makes users unaware of issues with web pages unless their browser gives them a big STOP header or page.
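A defensive check for the DNS spoofing described above, as an added example that is not part of the original post: it compares the answers a device received against address ranges known to belong to each site. The names, ranges and observations are constructed, and the baseline is an assumption a defender would have to maintain.

```python
import ipaddress

# Constructed baseline: address ranges each name is expected to resolve into.
# Names and ranges are reserved documentation values, not real deployments.
EXPECTED = {
    "bank.example": ["203.0.113.0/24", "2001:db8:10::/48"],
    "mail.example": ["198.51.100.0/25"],
}
# Ranges that should never be the answer for a public site: RFC 1918,
# loopback, link-local, and their IPv6 counterparts.
LOCAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]
# Constructed observations: (name queried, answer the device received).
OBSERVED = [
    ("bank.example", "203.0.113.10"),
    ("bank.example", "192.168.1.66"),
    ("mail.example", "198.51.100.200"),
    ("BANK.example.", "2001:db8:10::5"),
    ("news.example", "192.0.2.8"),
    ("mail.example", "not-an-ip"),
]


def in_any(addr, nets):
    """True if addr falls inside one of nets (same IP version only)."""
    return any(addr.version == n.version and addr in n for n in nets)


def check_answer(name, answer, expected=EXPECTED):
    """Classify one DNS answer as ok, suspicious, or unknown."""
    key = name.rstrip(".").lower()  # DNS names are case-insensitive
    if key not in expected:
        return "unknown", "no baseline for this name"
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "suspicious", "answer is not an IP address"
    if in_any(addr, [ipaddress.ip_network(n) for n in expected[key]]):
        return "ok", "inside expected range"
    if in_any(addr, LOCAL):
        return "suspicious", "public name resolved to a local address"
    return "suspicious", "outside expected range"


def audit(observed=OBSERVED):
    """Return (name, answer, reason) for every suspicious observation."""
    results = ((n, a, check_answer(n, a)) for n, a in observed)
    return [(n, a, r[1]) for n, a, r in results if r[0] == "suspicious"]
```

Calling `audit()` on the sample data returns the three answers that fall outside the baseline; names without a baseline are reported as unknown rather than flagged.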

This kind of attack is used in Government Information Exploitation, where rival states attempt to harvest details to access sensitive information.

It is rare for hackers to use this kind of exploitation against a typical technology user, but for those in sensitive roles it can be a big threat. MITM attacks have been used in the past by Russian KGB Agents as well as the US CIA to attempt to collect information about impending attacks on their nations.

On a large scale, Stingray devices can be used to manipulate mobile networks (3G, 4G & 5G) to collect information from a large number of users. Devices do not suspect they are connected to a malicious network that is routing their information, and when a Stingray device is used, the attack becomes automated and harvests all login credentials it can find and writes them to text files. These devices are readily available on the Darkweb and can be ordered by anyone.

Recommendations from a Cybersecurity student to protect yourself from such attacks would be:

1. Keep your browsers updated to the latest version

2. Avoid using Public Wi-Fi networks

3. Use a Keychain Manager (1Pass, LastPass, Remembear etc.)

4. Look at the little lock beside your URL and ensure you understand how you are connected

5. Never leave your sensitive pages logged in while you change networks

6. Keep yourself informed, follow the Tech News, and read up about vulnerabilities in software

These attacks may one day become more prevalent, so ensure you know the risks and how to protect yourself.
