A Clark School study found that hackers attempt to get access to connected PCs every 39 seconds. One type of malicious attack they use is the man in the middle attack.
Yeah, this attack sounds like that game you played when you were a kid. Monkey in the Middle. You and a friend toss a ball back and forth. And your little brother is jumping to intercept.
The difference is that in this “game,” the two throwers don’t know the monkey is there. The monkey can intercept the ball, take a good look at it, and toss it to either thrower. Find out more about the MITM attack, its purpose, and how to avoid it.
In a man in the middle attack, an attacker inserts himself into a conversation between a user and an application. The attacker impersonates each party to the other, relaying and reading the messages in between, and tries to make the exchange look like a normal session to both sides.
The main goal of the attack is to steal some type of personal information. Login credentials, credit card numbers, and other account details are the usual targets, so attackers focus on financial applications, e-commerce sites, and other sites that hold sensitive data. The attacker may then use that data for identity theft, fund transfers, or to change the victim's password and lock them out.
What does a MITM attack look like? There are two phases: interception and decryption. We'll break down both phases of the attack below.
Interception. An attacker must first get between the victim and the application so that traffic passes through the attacker before it reaches its destination. Each of the following methods accomplishes that.
IP (Internet Protocol) spoofing forges the source address on packets so that they appear to come from a trusted host, such as the application the user expects. Traffic meant for a certain address is then answered by the attacker's machine instead.
ARP (Address Resolution Protocol) spoofing uses fake ARP replies to link the attacker's hardware (MAC) address to the IP address of another host on the local network, typically the victim or the default gateway. Machines on the LAN update their ARP tables accordingly, and data the victim sends toward the application is delivered to the attacker, who forwards it onward so nothing appears broken.
DNS (Domain Name System) cache poisoning plants a forged address record in a DNS resolver's cache. The attacker does not need to break into an authoritative server; getting the resolver to accept a spoofed response is enough. Users whose lookups hit that resolver are sent to the attacker's site instead of the real one.
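The ARP spoofing described above leaves a footprint a defender can watch for: an IP address that suddenly answers from a different hardware address, and one hardware address claiming several IPs at once. The following detector is an added example, not code from the original article or from Envision. It runs over a constructed log of ARP replies on a made-up 10.0.0.0/24 network; the addresses and timestamps are invented for the example.

```python
"""ARP spoofing detector run over a constructed log of ARP replies.

Added example, not code from the original article. Fake ARP messages leave
two footprints on a LAN: an IP address that suddenly answers from a
different hardware (MAC) address, and one MAC address claiming several
IPs at once. This detector flags both. The sample replies, the hardware
addresses and the 10.0.0.0/24 network are all made up for the example.
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP
# replies seen on a LAN. 10.0.0.1 is the gateway, 10.0.0.25 the victim,
# 10.0.0.66 the attacker's own address. Nothing here is real traffic.
SAMPLE_ARP_REPLIES = [
    ("12:00:01", "10.0.0.1",  "aa:bb:cc:00:00:01"),  # gateway, legitimate
    ("12:00:02", "10.0.0.25", "aa:bb:cc:00:00:25"),  # victim, legitimate
    ("12:00:03", "10.0.0.66", "de:ad:be:ef:00:66"),  # attacker's own IP
    ("12:00:10", "10.0.0.1",  "de:ad:be:ef:00:66"),  # attacker claims gateway
    ("12:00:11", "10.0.0.25", "de:ad:be:ef:00:66"),  # attacker claims victim
    ("12:00:12", "10.0.0.1",  "aa:bb:cc:00:00:01"),  # real gateway answers again
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert tuples for suspicious ARP replies.

    replies: iterable of (timestamp, ip, mac) from observed ARP replies.
    trusted: optional {ip: mac} of known-good static bindings (for
             example the gateway). A reply contradicting a static binding
             is reported as "static_mismatch"; other IPs are reported as
             "mac_changed" when their MAC differs from the last one seen.
             Any MAC that has claimed more than one IP is reported as
             "multi_ip" each time it claims another.
    """
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    last_mac = {}                   # most recent MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip in trusted:
            if trusted[ip] != mac:
                alerts.append(("static_mismatch", ts, ip, mac))
        elif ip in last_mac and last_mac[ip] != mac:
            alerts.append(("mac_changed", ts, ip, mac))
        last_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(("multi_ip", ts, mac, tuple(sorted(mac_to_ips[mac]))))
    return alerts


if __name__ == "__main__":
    gateway_binding = {"10.0.0.1": "aa:bb:cc:00:00:01"}
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, trusted=gateway_binding):
        print(*alert)
```

With the gateway pinned to a static binding, the attacker's first forged reply is reported the moment it arrives. Without any static bindings the detector can only see change, so the real gateway answering again at 12:00:12 also fires, which is the "flip flop" pattern that tools such as arpwatch report; in that mode an alert means "this IP's owner is contested", and the static binding is what tells you which side is the impostor.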
Decryption. Once the traffic is intercepted, the attacker still has to read the contents of the SSL/TLS session in both directions, without the user or the application noticing. There are a few ways to accomplish this deceit.
HTTPS spoofing sends a phony certificate to the victim's browser. Browsers warn when a certificate does not chain to a trusted authority, so this works when the user clicks through the warning or when the attacker holds a certificate the victim's device already trusts (issued by a rogue or compromised CA, or by one installed on the device). The browser is then fooled into thinking it has a secure session with the application when it is actually talking to the attacker.
SSL hijacking: the attacker intercepts the TLS handshake and negotiates a separate encrypted session with each side, handing each a key the attacker controls. The two think they are communicating directly, but the man in the middle decrypts, reads, and re-encrypts everything that passes between them.
SSL stripping downgrades the connection from HTTPS to HTTP. The attacker keeps a secure session with the real site while serving the victim an unencrypted copy with every https:// link rewritten to http://, so everything on the victim's side of the connection is readable in the clear. Browsers refuse this downgrade for sites that set HTTP Strict Transport Security (HSTS) on an earlier HTTPS visit or that are on the browsers' built-in HSTS preload list; a first visit to a site that is not preloaded is still exposed.
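Whether SSL stripping works against a given victim comes down to the HSTS rules a browser applies. The following is an added example, not code from the original article or from Envision, that encodes those rules from RFC 6797: the header only counts when it arrived over HTTPS, the policy lasts max-age seconds from when it was received, a first visit has no stored policy, and a preloaded site is protected before any visit. The header sets and timestamps are constructed for the example.

```python
"""Would a browser let an SSL-stripping attacker serve this site over HTTP?

Added example, not code from the original article. The decision mirrors
the HSTS rules in RFC 6797: a browser remembers Strict-Transport-Security
only when it arrived over HTTPS, the policy lasts max-age seconds from
when it was received, and a site on the browser's built-in preload list is
protected even before the first visit. The header sets below are
constructed for the example; the timestamps are arbitrary Unix times.
"""


def parse_hsts(header_value):
    """Parse a Strict-Transport-Security value into its directives.

    Returns a dict with max_age (int), include_subdomains and preload
    (bool), or None when the header is absent or has no usable max-age,
    which is how a browser treats it too.
    """
    if not header_value:
        return None
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header_value.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age" and value.isdigit():
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def downgrade_possible(scheme, headers, received_at, now, preloaded=False):
    """True when a browser would load an http:// copy of the site.

    scheme:      scheme of the earlier response that carried `headers`.
    headers:     response headers from that visit (names case-insensitive).
    received_at: Unix time of that visit, or None if the user has never
                 visited the site before (the first-visit gap).
    now:         Unix time of the visit the attacker is intercepting.
    preloaded:   the site is on the browser's built-in HSTS preload list.
    """
    if preloaded:
        return False                 # policy ships with the browser
    if received_at is None:
        return True                  # no stored policy yet: first visit is exposed
    if scheme != "https":
        return True                  # HSTS received over plain HTTP is ignored
    lowered = {name.lower(): value for name, value in headers.items()}
    hsts = parse_hsts(lowered.get("strict-transport-security"))
    if hsts is None or hsts["max_age"] == 0:
        return True                  # no policy, or max-age=0 which clears it
    return now > received_at + hsts["max_age"]   # has the stored policy expired?


# Constructed header sets for three hypothetical sites.
NO_HSTS = {"Content-Type": "text/html"}
SHORT_HSTS = {"Strict-Transport-Security": "max-age=300"}
GOOD_HSTS = {"Strict-Transport-Security":
             "max-age=31536000; includeSubDomains; preload"}

if __name__ == "__main__":
    t0 = 1_700_000_000
    for label, hdrs in (("no HSTS", NO_HSTS), ("5-minute HSTS", SHORT_HSTS),
                        ("1-year HSTS", GOOD_HSTS)):
        strippable = downgrade_possible("https", hdrs, t0, t0 + 86400)
        print(f"{label:14} revisit after one day: strippable={strippable}")
```

The cases worth noting are the ones the text warns about: a site with no HSTS, a short max-age that has lapsed, or a policy that was only ever sent over HTTP is strippable on every visit, and even a correctly configured site is strippable on the user's very first visit unless it is preloaded.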
MITM attacks often succeed because of weak SSL/TLS configurations. Managed IT services provide users with properly configured end-to-end encryption. Certificates are hosted on the service's content delivery network and configured to resist SSL/TLS attacks, and the configurations are kept up to date by security professionals to counter new threats.
IT security services also help to avoid MITM attacks with remote takeover protection. The service detects that your screen is being captured by a man in the middle and shows the hacker an isolated virtual screen instead.
The virtual screen is a visual display simulated by the security software. It denies the hacker any view of your real desktop and shows a warning message in its place. You have basically put up a partition with "Keep Out" scrawled across it.
Don’t let a hacker force you into a game of monkey in the middle. A man in the middle attack can result in loss of sensitive data, stolen assets, and even identity theft. Why worry about having your data compromised? Call Envision and ask about our managed IT services.
Don’t trust your company’s critical data and operations to just anyone! This business advisory guide will arm you with 21 Revealing Questions you should ask any computer consultant before giving them access to your network.
7500 Jefferson St. NE
Albuquerque, NM 87109
505-823-3400