MITM cyberattack: What Is It? How does it work ? How can you easily prevent it?
Published on Sept. 10, 2021, 1:31 p.m. (Updated on 24 September 2021 17:11)
The most famous case of a MITM attack dates back to 2015, when Europol dismantled a group of 49 “cyber fraudsters”. Those hackers operated by intercepting communications between certain businesses and their clients across Europe, causing victims to unawarely transfer money to illegitimate bank accounts. In 2021, a year marked by an increase in cyberattacks, there is a need for special vigilance regarding those “Man-in-the-Middle” attacks. How do they take place? How to defend your company against them?
To effectively protect yourself from cyberattacks, you still need to know how to define them. MITM attacks include a wide variety of cyber attacks. They effectively designate all the situations where a third party intercepts communications between two systems, without their users being aware of the situation.
In its online cybersecurity glossary, the US National Institute of Standards and Technology (NIST) defines MITM as a “an attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them”.
The NIST further specifies that the actors hacked in an MITM attack are not aware of the attack, because the connection between the computer systems is maintained. The attacker replaces the stolen elements with others, or restores them once the theft is complete.
In any case, the hacker takes encrypted exchanges and deciphers them. They also pose as the legitimate interlocutor. This way, the victims think they are communicating with someone they trust. They actually interact, actively or passively, with the hacker.
This same government agency further explains that the most well-known MITM attacks fall under what is called “ARP poisoning”, or “ARP spoofing.” The hacker uses the ARP address resolution protocol to attack a local network – often Ethernet or WiFi. Then, they proceed to hijack the information exchange flow between devices and their gateways, be they internet boxes or routers.
There are several types of MITM attacks:
MITMs target all companies, SMEs as well as large groups. Cybercriminals may try to steal sensitive data in order to blackmail the general management, much like with ransomware. They can also try to steal funds, for example through identity theft.
This explains why Man-in-the-Middle attacks rely in particular on professional messaging, instant messaging, banking applications, business software, virtual data rooms and online meetings. Information exchanges around M&A transactions also represent prime targets.
MITMs target your communications in order to hack bank accounts, steal confidential data in exchange for ransom, or sell your data to the highest bidder. The motivations behind a MITM attack often are financially driven.
Man-in-the-Middle attacks can also be part of unfair competition tactics or political sabotage. Indeed, the stakes might be to access a company's client data. This way, a competitor is in capacity to spy on your content, and find a flaw that could expose you publicly.
To fully understand Man-in-the-Middle attacks, here are four simple examples:
There are many measures to protect your company against Man-in-the-Middle attacks, from the most basic to the most sophisticated. The first step is to enforce internal good IT practices within your company.
Your teams can apply some basic precautions against MITM attacks:
From a software perspective, the first step is to secure your web connections, for instance, use an encryption solution for your internet browsing. This approach is part of a general logic of adopting “public key infrastructures”, or PKI. These technologies secure networks through authentication, certification and encryption methods.
If this is not yet the case, your company has every interest in upgrading its website from HTTP protocol to HTTPS protocol. This will encrypt the web connection between your server and other user devices. You must use an SSL / TLS certificate for this. Without authentication certificates, access to your terminals and computer networks is rendered impossible.
The cryptography of your digital signatures certify that emails you send genuinely come from you. There are several standards for digital signatures formatting, such as Multipurpose Internet Mail Extensions (MIME). Email signatures protect against email content tampering: it can no longer be modified.
So that the content of emails cannot be modified, or even read, it is advised, in addition to electronic signature, to encrypt your messages. Doing so, your emails can no longer be intercepted. Your official contact needs to be given a key to be able to read them.
A Man-in-the-Middle (MITM) cyberattack means that a computer hacker intercepts communications between two people or two machines in order to use confidential data.
This type of cyberattack is used by hackers to gain access to sensitive information. They represent specific risks of identity theft, computer session and email account hijacking and theft of funds.
MITM attacks include HTTPS spoofing, DNS spoofing, IP address spoofing, ARP poisoning, and SSL hacking.
related to Cybersecurity and Cyber Risk Quantification