In another of our cyber security spotlight blogs we’re taking a look at MitM attacks to help you understand this particular type of common cyber-attack and how to avoid it.
What is it?
MitM or Man in the Middle attacks to give it its proper title are very similar to eavesdropping attacks, which we covered in our very first cyber security spotlight. To be successful, a man in the middle attack needs three key components; the victim, the “thing” the victim is communicating with, be it a bank, service provider and so on and of course, the man in the middle. Critically, the victim will be entirely unaware that there is a third player in place – the man in the middle.
How does it work?
There are two main methods of executing man in the middle attacks: proximity-based attacks and man-in-the-browser attacks which require the use of malicious software. Often cyber criminals execute these attacks in two distinct phases as well. Phase one is interception and phase two is deception.
The proximity-based method works by the cyber-criminal accessing unsecured or weakly secured Wi-Fi routers and then using their interception toolkits to read the transmitted data. The man-in-the-browser method relies on the attacker first finding a way to inject malware into the victims connected device(s). Typically, this is achieved by phishing whereby a seemingly legitimate email or text message is sent, appearing to be from a trusted source, then once this message is opened the user can unwittingly load malware onto their device. After that, the malware installs itself into the browser and records the data sent between the victim and specifically targeted websites, before then sending this data back to the attacker.
How can you protect against it?
First up, be aware of websites that are not using the HTTPS protocol as this is a clear indication that the website is question has weak online security. Next, be very wary of any emails you receive asking you to change, update or confirm any login credentials or personal data. Avoid clicking any links in these types of emails and instead, visit the website directly by typing the URL into a search engine.
Avoiding connecting to public Wi-Fi wherever possible and if you are using public Wi-Fi don’t engage in any sensitive actions such as logging into online banking. As an added layer of protection when using publicly available internet, consider installing and using a virtual private network (VPN) as well. This will encrypt your network connection so any private data you might send has that extra layer of protection.
Finally, to protect yourself from the man in the middle attackers that rely on malware, installing the right security software for your devices is a no brainer, and last but by no means least always use strong, unique passwords!
Previous examples of eavesdropping attacks…
Way back in 2015, there was a multi-nation bust that succeeded in nailing 49 suspected cyber criminals who had been using MitM attacks to find and intercept payment requests sent via email. Find out more here.
So there you have it, a mini overview of man in the middle attacks and how to avoid them.
If you think your business needs better cyber security don’t rest on your laurels, contact our team today.
Dynamic Insights & Advice
Dynamic Networks Group Continues Its Expansion
Dynamic Networks Group continues its expansion with the acquisition of Peak Support Services Ltd, a Derbyshire based Cloud MSP.
Dynamic Networks completes a Management Buyout and commences its acquisition strategy
David Smith (CEO) and Gareth Leece (COO) have successfully completed an MBO of Dynamic Networks, working with Paul Landsman of Kingland Capital. The MBO provides for a simplification of the Board structure to allow for its continued accelerated growth strategy.
10 reasons to archive your business emails in the cloud
For most organisations, email has become an essential part of daily workflow and communications. However, many businesses are unaware of the importance of archiving their emails and having an email retention strategy.
Planning a successful migration to the cloud
Moving to the cloud comes with multiple benefits. For most businesses, it usually means reducing running costs, faster modernisation capabilities and increased security.
2021 IT trends your business should be thinking about
Here are our top IT trends and predictions your business should be thinking about now to prepare for 2021.
The end of Skype for Business is closer than you think...
Microsoft have recently announced that Skype for Business Online will be retiring on July 31, 2021.