The Latest BlueVoyant News
Product and Solution Information, Press Releases, Announcements
|Three’s a Crowd - Protecting Against Man-in-the-Middle Attacks|
|Posted: Tue Oct 06, 2020 03:40:10 PM|
A man-in-the-middle attack, or MitM, is an attack where the attacker’s goal is to secretly listen in on or modify traffic going between two parties. The target of the attack is usually intellectual or fiduciary information.
How a MitM Attack Works
Man-in-the-middle attacks are typically executed in two phases - interception and decryption.
Think of MitM as two people chatting while, unbeknownst to them, a third person is eavesdropping on their private conversation with malicious intent. The third person, or man-in-the-middle, listens in on and records the conversation creating an interception.
Using information gained from the conversation, the eavesdropper can believably impersonate the first person in interactions with the second. That interaction usually starts with the MitM posing as person one, asking person two to loan them money. This is known as “decryption.”
Person two, trusting person one, hands over the money, not knowing there is a third person in the scenario.
MitM attacks can be used to:
These attacks are executed in a variety of ways, and while detecting an attack may be difficult, attacks are preventable.
7 Different Types of MitM Attacks
Cybercriminals can perform a MitM attack in multiple ways:
How to Prevent an Attack
MitM attacks are one of the oldest forms of cyberattacks, dating back to the early 1990s. Here are some ways you can protect yourself against these attacks:
Services: Ensure ‘HTTPS’ and not ‘HTTP’ appears in the address bar of all websites you visit. Don’t click on links in an email, rather type the website address into your browser. Don’t connect to public Wi-Fi routers if you can avoid it - connect via a VPN, which encrypts your connection and protects your data. Make sure your home Wi-Fi network is secure by updating all default usernames and passwords to unique, strong passwords.
Software: Install antivirus software on your devices as well as a comprehensive email and web security solution. Don’t install unnecessary plugins or software, especially if it’s free - these may contain malware.
Organizations: In a company setting, know what access and time is normal for working - any unusual activity should raise a red flag. Educate yourself and your staff about cybersecurity - understanding what a threat could be. This can help prevent attacks through awareness.
MitM attacks are evolving, and sometimes new technology is developed without security as a high priority. Encryption is not a complete solution, and if a MitM attack is successful, it could lead to negative brand perception and loss of trust from your customer - don’t let yourself be caught off-guard.
Original Post by BlueVoyant