Man-in-the-Middle [syndrome]: It’s not about lack of attention


By Tyler Moffitt

With Australian Stay Smart Online Week over for another year, it’s tempting to go back to our old habits and forget best practices for cybersecurity. Yet threats remain constant. According to Australia’s national notifiable data breach scheme, 245 breaches occurred in the three months to June 2019. Of these, over half were malicious or criminal attacks (62 percent), and the vast majority of these were linked to compromised credentials.

It is clear that Australians are particularly lax about taking basic cyber hygiene action to prevent their data from being exposed. Alarmingly, many are also falsely confident they can spot when their online information is exposed to more sophisticated threats. Our recent Hook, Line and Sinker: Why Phishing Attacks Work report found that two in three Australian workers have clicked on ‘unknown sender’ links at work, jeopardising the security of their business and colleagues.

We need to change the naive thinking that a strong password alone guarantees security. A man-in-the-middle (MITM) attack, in which an outside individual, often a hacker, intercepts and/or alters communications between two systems, can take shape online in any number of ways. Be it email, social media, banking or simply any webpage you would log into using your Internet browser, hackers can get between you and whatever system or person you’re interacting with, to capture your data and information.

As threats continue to evolve and change, it’s an individual’s responsibility, and in their interest, to make sure they’re cyber security literate and understand how attacks work. Three of the most common types of MITM attacks include Wi-Fi interference, email hijacking and session hijacking.

  • Wi-Fi Interference: A common tactic used in MITM attacks is Wi-Fi interference, where a hacker uses a wireless connection to eavesdrop on anyone connected to the Wi-Fi network. This allows them to gain access to a host of personal, financial or corporate information. Hackers set up a Wi-Fi connection and wait for their victims to connect. This includes waiting for unsuspecting individuals to connect to a phony hotspot intentionally named to trick them into connecting (think ‘Free WiFi’ at coffee shops and airports). Once a device is connected to the hacker’s network, they have access to all the information on the connected device.
  • Email Hijacking: Another frequently used MITM attack vector is email hijacking. In this type of attack, hackers can single out their victims by targeting their email accounts. High-profile corporations, financial institutions and banks tend to make headlines as the most often targeted in such MITM attacks. But anyone can be a victim. Once attackers have access to their desired email account, they quietly monitor the correspondence and wait for an opportune moment to make their move. Slipping into a conversation involving money transfers is a common tactic. Hackers will insert themselves into the email conversation at the precise moment, faking a company email and providing their own bank details so victims transfer their money straight into the hackers’ accounts, while believing they are sending money to the legitimate
  • Session Hijacking: MITM attacks can also be conducted through session hijacking. When you log onto a website, a connection between your computer and the website is established, and hackers are able to hijack this session with the website. There are various ways to hijack the session, but one of the most common ways is by stealing browser cookies – yes, those things you “accept” every time you jump to a new website. Cookies can store all types of information, everything from online activity to login credentials to your location. Once hackers have access to these login cookies, they can very easily log into the accounts for which you accepted cookies.
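
For site operators, the session-cookie risk described above can be checked from the defender's side by auditing the `Set-Cookie` headers a site sends. The following is an added example, not part of the original article: the sample headers are constructed, and the cookie names in `SESSION_NAMES` are assumptions for a hypothetical application.

```python
"""Audit Set-Cookie headers for attributes that limit session-cookie exposure."""

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=3f9a1c; Path=/; HttpOnly; Secure; SameSite=Lax",
    "Set-Cookie: auth_token=77be02; Path=/",
    "Set-Cookie: theme=dark; Path=/; Max-Age=31536000",
    "Set-Cookie: sid=aa41d0; Path=/; Secure; SameSite=None",
]

# Assumption: cookie names that carry a login session in this hypothetical app.
SESSION_NAMES = {"sessionid", "auth_token", "sid"}


def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute name -> value."""
    _, _, value = header.partition(":")          # drop the "Set-Cookie" label
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")         # first pair is name=value
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")        # flags such as Secure have no value
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(header):
    """List the weaknesses that leave a session cookie easier to capture."""
    name, attrs = parse_set_cookie(header)
    if name.lower() not in SESSION_NAMES:
        return name, []                          # not a session cookie: out of scope
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: page scripts can read the cookie")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cross-site sending not restricted")
    return name, findings


def audit(headers):
    """Map each cookie name to its list of findings (empty list means OK)."""
    return dict(audit_cookie(h) for h in headers)


if __name__ == "__main__":
    for cookie, findings in audit(SAMPLE_HEADERS).items():
        print(cookie, "OK" if not findings else findings)
```

A session cookie without `Secure` travels in clear text whenever the browser makes a plain HTTP request, which is exactly where an eavesdropper on a shared network can read it.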

At the most basic level, man-in-the-middle (MITM) attacks are just a more advanced form of eavesdropping. But, despite their often simplistic nature, they can pose a serious threat to you, your personal data and your business. Even the Department of Home Affairs has come under criticism for making it easy for MITM attackers to manipulate their data, posing a huge risk to the credibility of their operations.

MITM attacks are sneaky and insidious. However, there are a number of ways that you can protect yourself, and your business, from falling prey to their stealth.

Individual users can take simple steps, such as paying close attention to whether a website is properly secured, logging out of applications when not in use and refraining from connecting to public Wi-Fi hotspots. Simply by implementing these basic, simple cyber hygiene best practices, you can dramatically decrease your chances of falling victim to a MITM attack. And if you must connect to an unsecured Wi-Fi network, make sure you encrypt your data using a virtual private network (VPN).

Businesses can help prevent MITM attacks by implementing other strong encryption mechanisms. In the case of the Department of Home Affairs, its website and collateral are of interest to foreign actors who may seek to falsify the Australian government’s official comms. No matter the scale of threat, a proficient IT professional can make sure a business’s processes are impenetrable.

Two communications protocols – Transport Layer Security (TLS), which provides end-to-end security between two communicating computer applications, and Hypertext Transfer Protocol Secure (HTTPS) – provide encryption and authentication so the data being transmitted when an individual gains access to a website is protected. It’s also vital that effective encryption on wireless access points is in place to prevent unwanted users from joining, or forcing themselves into, the network.

As more devices become internet enabled, the MITM attack landscape will continue to evolve dramatically. With internet-enabled cars, fridges and even hair straighteners, hackers have never had more opportunity to insert themselves between you and the wireless systems you connect to. A West Australian mum reportedly faced a baby monitor hack after her device showed a room that wasn’t her child’s, and chances are we’ll see similar stories continue to make headlines.

Just as we experiment with these new technological advances, so, too, are hackers. MITM attacks are a real threat, and as we continue to embed internet-enabled technology into almost every facet of our lives, MITM attacks will remain a threat to watch.

Tyler Moffitt is a senior threat research analyst at Webroot who is immersed in the world of malware and antimalware. He focuses on improving the customer experience through his work directly with malware samples, creating antimalware intelligence, writing blogs and testing in-house tools. Follow Tyler on Twitter @Webroot or on LinkedIn.

