What is a Man-in-the-Middle Attack (MitM) and how to Prevent it

What is a Man-in-the-Middle Attack (MitM) and how to Prevent it

A “man-in-the-middle” attack takes place when a third party (cyber attacker) intercepts the transaction of data and information between two other parties and modifies it to steal sensitive information from them. In this article, we are going to look at what is man-in-the-middle attack and how it can be prevented using CTemplar encrypted email service.

How does Man-in-the-Middle Attack Work?

In its X-Force Threat Intelligence Index 2018, IBM found that man-in-the-middle attack was “in the middle” of more than a third of cyber exploits. (via HashedOut).

A man-in-the-middle attack happens when an online communication between two parties is intercepted by a third party (cyberattacker), without either of the other two parties being aware of that.

Let’s take a look at a typical man-in-the-middle attack example.

Rob wants to email Harry and send her some money and the two are exchanging public encryption keys and account numbers.

Unbeknown to them, a third party, Sam, is spying on their communication. Sam is the man-in-the-middle.

Sam can intercept the message Harry sends to Rob and instead sends his own message to Rob, pretending to be the latter. For instance, he can send Rob his account number, on which Rob would send the money, believing that he is sending the money to Harry when he is, in fact, sending money to Sam.

Most Common Types of Man-in-the-Middle Attacks

There are 7 types of MitM attacks:

  1. Email Hijacking

In an email hijacking attack, the man-in-the-middle will spy on a transaction between a customer and their bank or other financial institution. The attacker will then spoof the bank’s email address and send the wrong instructions to the customer so they send the money to the attacker and not the bank. 

Take a look here at what are the most costly email security mistakes that can cost you millions.

  1. HTTPS Spoofing

HTTPS in front of a website URL is typically an indication that said website is secure to visit. However, an attacker can trick the browser into believing that a website is secure, but in reality, send it to an unsecured website. Once they have the victim there, the attacker can more easily see what the visitor is sharing, including their personal information and steal them.

  1. IP Spoofing

According to Netcraft, only 1 in 20 HTTPS servers was sufficiently protected from man-in-the-middle attacks in 2016, the other 95% were vulnerable to it.

Another way a cyber-attacker can trick you into giving them your sensitive information is by spoofing an IP address. For example, they can spoof an IP of a computer you want to visit, deceiving you into thinking that you are interacting with that computer when you’re not. Instead, you are communicating with the hacker’s computer and possibly sending your confidential info to them.

  1. DNS Spoofing

Similar to IP spoofing, the attacker uses DNS spoofing to divert the user to a fake site and not the real one that they (user) wants to visit. Thus, the user is tricked into believing they are on the correct website and can leave their login credentials to the attacker.

  1. WiFi Eavesdropping

WiFi eavesdropping typically happens on public WiFi. In this case, the hacker sets up a connection with a legitimate-sounding name. For instance, if you’re at an airport, they might set up a “Burger_King123” WiFi, to make it sound and look similar to the actual Burger King’s WiFi name. If the unwitting victim connects to the fake WiFi, the attacker can then monitor their every online move, including when they use any passwords or send their credit card information.

  1. SSL Hijacking

SSL stands for “Secure Socket Layering” and is a protocol that creates encrypted links between a browser and a server. When it comes to this type of MiTM attack, the attacker intercepts the communication between the victim’s computer and the webserver, sending the user instead to the attacker’s computer to steal information from them.

  1. Cookie Hijacking

Finally, the 7th type of man-in-the-middle attack is cookie hijacking. Cookies are small packets of data that a website stores on the visitor’s computer. They are used so the user doesn’t have to re-enter the information (like their personal info) again and again every time they visit that website. Again, a hacker can hijack your browser cookies and gain access to login credentials and other sensitive info.

Two Categories of Man-in-the-Middle Attacks

If you look at the 7 types of MitM attacks, you’ll notice that they can fall into two categories.

In the first one, the hacker gains access to a WiFi network that is either poorly or completely unsecured. This type of attack usually happens in free and public WiFi hotspots, although they can happen with home WiFi if the network isn’t secure enough (the victim is using a weak password). 

However, for the sake of this article, we are less interested in that form, but more in the other, which uses malware to intercept and spy on an online communication.

This type of attack is also called “man in the browser attack” and is typically accompanied by a phishing fraud in which a hacker impersonates a legitimate entity (like a bank) to con the victim into opening an attachment or clicking on a link that will install malware on their device.

Can a Man-in-the-Middle Attack be Prevented?

Ok, we saw what the man-in-the-middle attack is, but can it be prevented? 

Absolutely and our encrypted email service CTemplar can help you with that. CTemplar guards your email against malicious scripts by using SRI. This makes CTemplar immune to man-in-the-middle attacks and ensures that we can’t serve you any malicious scripts from our server.

In addition, CTemplar also allows you to set up an anti-phishing phrase in your account that will warn you if a phishing attempt occurs.

Of course, to prevent MitM attacks, you should also make sure that your WiFi connection is secure. If you are on your home WiFi, make sure to change the username and password you got from your ISP with unique ones that are harder to crack. 

On the other hand, if you’re on a public WiFi, avoid entering any personally identifying information (PII) and especially financial information such as your credit card number. If you must, use a VPN or a service over Tor network and when visiting a website, always be sure that it has “HTTPS” in its URL.

Do you want a secure and private email service that you can trust to keep your personal information protected? Sign up today to CTemplar and regain your right to privacy now!