
How to Recognize a Man in the Middle Attack

You might have heard the phrase ‘Man in the Middle’ used in reference to cybersecurity vulnerabilities and breaches. Man in the Middle (MiTM) attacks usually involve a threat actor inserting themselves between a user and an application, positioning themselves either to eavesdrop on conversations or to impersonate a legitimate party to receive that information.

As with most cyber attacks, many factors are at play when dealing with threats such as MiTM attacks. On the technical side, threat actors have many attack vectors, such as Wi-Fi eavesdropping, a common method where attackers set up fake Wi-Fi hotspots to intercept user traffic; DNS spoofing, which tampers with the translation of domain names into IP addresses, allowing hackers to send users to malicious or bait websites without the user’s knowledge; and many more. In addition, a “good” bad actor participating in a MiTM attack must be skilled not only at the technical side of interception but also at social engineering; in other words, they have to know how to talk to people in order to gain their trust. People are much more open to interacting with someone they deem sociable and relatable, and potential attackers abuse this. However, you might be asking yourself, “Why go through all of this trouble to begin with?” Well, it’s like digging for treasure: you don’t really know which spot it’s in, so why not keep digging in the area you know it’s buried under?

The main goal of an attack like this is to steal vital user or company information, ranging from login credentials to financial information such as account details or credit card numbers. With the latter being the more vital information, threat actors will typically target applications like e-commerce sites, SaaS (Software as a Service) businesses, and communication sites. If certain information is stolen from these sites, it could lead to severe consequences such as identity theft and unapproved fund transactions.

Man in the Middle attacks can be egregious, as shown in a case study where it was found that one well-placed and well-timed MiTM attack caused over $700 million in losses by gaining access across multiple databases to steal the personal information of 147 million people. This catastrophic breach was caused by the factors I talked about earlier: technical know-how and social engineering. It is dangerous what one dedicated person can do to a person or company that isn’t aware of the risk.

While Man in the Middle attacks can happen at any time to almost anyone, including tech personnel at any company, it is important to remember how valuable your data actually is. That being said, it is vital to be vigilant when dealing with anything involving your data; if something feels wrong or fishy, it probably is. Educate yourself on common MiTM practices and always ask your IT division for clarification on whether something is legitimate or not.
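
One way to check for the two vectors named earlier, fake Wi-Fi hotspots and DNS spoofing, shown as an added example that is not part of the original article. The scan results, access point inventory, hostnames and addresses are all constructed, and the function names are hypothetical.

```python
# Added example: all data below is constructed for illustration.

# Constructed Wi-Fi scan results: (SSID, BSSID, advertised security).
SCAN = [
    ("CorpNet", "AA:BB:CC:00:00:01", "WPA2-Enterprise"),
    ("CorpNet", "aa:bb:cc:00:00:02", "WPA2-Enterprise"),
    ("CorpNet", "de:ad:be:ef:00:99", "Open"),        # look-alike hotspot
    ("CoffeeShop", "11:22:33:44:55:66", "Open"),     # not ours, ignored
]
# Assumed inventory of access points the IT team actually operates.
KNOWN_APS = {"CorpNet": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
EXPECTED_SECURITY = {"CorpNet": "WPA2-Enterprise"}

def suspicious_access_points(scan, known_aps, expected_security):
    """Flag radios that reuse a managed SSID but are not in the inventory
    or advertise weaker security than the real network."""
    findings = []
    for ssid, bssid, security in scan:
        if ssid not in known_aps:
            continue  # unmanaged network: nothing to compare against
        reasons = []
        if bssid.lower() not in known_aps[ssid]:
            reasons.append("unknown BSSID")
        if security != expected_security[ssid]:
            reasons.append("security downgraded to " + security)
        if reasons:
            findings.append((ssid, bssid.lower(), reasons))
    return findings

# Constructed DNS data: answers recorded on a trusted network versus
# answers seen on the network being checked (documentation IP ranges).
TRUSTED_DNS = {"intranet.example.com": {"203.0.113.10", "203.0.113.11"},
               "mail.example.com": {"203.0.113.25"}}
OBSERVED_DNS = {"intranet.example.com": {"198.51.100.77"},
                "mail.example.com": {"203.0.113.25"}}

def dns_mismatches(observed, trusted):
    """Return hostnames whose observed answers include addresses that
    were never seen from the trusted baseline."""
    mismatches = {}
    for name, addrs in observed.items():
        unexpected = addrs - trusted.get(name, addrs)
        if unexpected:
            mismatches[name] = sorted(unexpected)
    return mismatches

if __name__ == "__main__":
    print(suspicious_access_points(SCAN, KNOWN_APS, EXPECTED_SECURITY))
    print(dns_mismatches(OBSERVED_DNS, TRUSTED_DNS))
```

A DNS mismatch is a prompt to investigate rather than proof of spoofing, since large sites legitimately rotate addresses.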


