A Man-in-the-middle attack (MITM) is an attack where the perpetrator secretly retransmits and possibly alters communications between two parties who believe they are directly communicating with each other. What happens next is jarring: private user data is captured and stored to be used at the hacker’s discretion.

How damaging are MITM attacks?

In 2015, Europol, the Netherlands-based international crimes and terrorism prevention agency, nabbed a cybercriminal group responsible for international fraud. The criminal organization had been active in Belgium, Georgia, Italy, Poland, Spain and the UK and, according to Europol, was responsible for international fraud totaling six million Euros over a short period of time.

How a Man-in-the-middle attack works

There are two forms of MITM attacks: those based on physical proximity to the target (like a hacker sitting in a coffee shop that offers free Wi-Fi, waiting for unsuspecting patrons to log on), and malware-related attacks (also known as Man-in-the-middle browser attacks or MITBs), where hackers inject malware into users’ computers. The malware installs itself into the user’s browser (covertly) and begins to record all data transmitted between the victim and any targeted websites.

Wi-Fi MITM attacks

MITM attacks are common in free Wi-Fi zones. Often, hackers rely on unsuspecting internet users to access free and unsecured Wi-Fi areas.

For a hacker to successfully perform a Wi-Fi MITM, he must be able to intercept all relevant messages passed between both victims. This is usually possible in environments where there’s very little security or where weak passwords are used to protect router admin access.

For example, let’s imagine that John is seated at his favorite coffee shop and logs onto their free Wi-Fi. John wants to visit an ecommerce website to buy a new pair of sneakers, but he doesn’t realize he’s on a network that has just been compromised by a hacker.

The hacker has accessed the admin settings of the coffee shop’s router and now has access to all data being transferred between John and the router, which is John’s link to the ecommerce website.

The hacker wants to intercept all traffic between John and the website. It happens to be his lucky day because the ecommerce website doesn’t have an SSL certificate either.

After John has found the pair of sneakers he’s been after, he clicks on the checkout button and the website asks him to create an account. It’s standard practice, John thinks, so he creates an account, entering a name, surname and password.

In that moment, the hacker intercepts John’s new account information, which he can now use for financial gain.

The same series of events can take place in situations where the hacker creates what appears to be a secure network.

In this instance, the hacker uses his own set of cryptographic keys to act as though information shared between John and the ecommerce website is secured.

The account information John created for his purchase can be encrypted and decrypted by the hacker.

How SSL can protect your website and visitors against a Man-in-the-middle attack

SSL certificates include a form of endpoint authentication specifically to prevent MITM attacks. During the SSL handshake, the website presents a certificate signed by a Certificate Authority (CA) that the visitor’s browser also trusts, and the secure session is established only once the browser has verified that certificate.

Installing an SSL certificate from a trusted CA on your website prevents MITM attacks, as users logging onto your website are immediately protected by the secure session.

Beat Man-in-the-middle attacks with Strong SSL Encryption on your website

TrustTheSite.com is a platinum reseller of VeriSign, Thawte, GeoTrust, Comodo, RapidSSL and Digicert SSL certificates. We offer the best pricing backed by personalised client support.

Call us on +27 23 004 0196 for a free no obligation discussion about your business needs and we’ll help you find the right certificate for your brand.

How can you avoid MITM attacks?

Look for “HTTPS” connections

Make sure “HTTPS” is always in the URL bar of the websites you visit, but go one step further and confirm that the site’s SSL certificate was issued to the company whose website you believe you’re visiting.

Phishing websites are designed to steal information by imitating real websites. By acquiring domain validated SSL certificates for variations of the real domain name, they are able to create fake websites that give visitors a false sense of security.

Here are two ways to check that you’re visiting a real website:

  • Access the certificate information through your browser.
  • Check the website for a dynamic site seal that you can click on.
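The first check can also be scripted. The Python sketch below is an added example, not code from this article: it reviews a certificate in the form returned by the standard library's `ssl.SSLSocket.getpeercert()` and flags a hostname mismatch or a certificate with no vetted organisation. The helper names, the sample certificates and the "Example Shoes Ltd" organisation are constructed for illustration, and treating a missing organisation field as "domain validated" is a heuristic.

```python
import socket
import ssl

def fetch_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification on; return the parsed leaf cert."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname are defaults
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def subject_field(cert, key):
    # getpeercert() encodes the subject as a tuple of RDNs, each a tuple of (key, value)
    for rdn in cert.get("subject", ()):
        for k, v in rdn:
            if k == key:
                return v
    return None

def name_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # a wildcard stands for exactly one left-most label
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def review_cert(cert, expected_host, expected_org=None):
    """Return a list of findings; an empty list means the cert names who you expected."""
    findings = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(p, expected_host) for p in sans):
        findings.append("hostname-mismatch")
    org = subject_field(cert, "organizationName")
    if org is None:
        findings.append("domain-validated-only")  # no organisation was vetted
    elif expected_org and org.lower() != expected_org.lower():
        findings.append("unexpected-organization")
    return findings

# Constructed sample data in the shape getpeercert() returns (not real certificates)
OV_CERT = {
    "subject": ((("organizationName", "Example Shoes Ltd"),),
                (("commonName", "shop.example.com"),)),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}
LOOKALIKE_DV_CERT = {
    "subject": ((("commonName", "shop-example.com"),),),
    "subjectAltName": (("DNS", "shop-example.com"),),
}
```

For a live site, pass the result of `fetch_cert("your.host")` to `review_cert`; the handshake itself raises `ssl.SSLCertVerificationError` if the chain or hostname does not verify.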

Keep an eye out for phishing emails

Be wary of potential phishing emails asking you to update your password or any other log-in credentials. Typically, these emails include a link to a website designed to steal user information.

As a precaution, visit the site by typing the URL into your browser to see where the URL takes you. If you feel uncertain about the website, reach out to the business and enquire about the email you’ve received.

Use a Virtual Private Network

Never connect to public Wi-Fi routers directly. Instead, use a Virtual Private Network (VPN), or you can use a browser plug-in such as HTTPS Everywhere.

Install anti-virus software on your computer

Since MITB attacks use malware for execution, using anti-virus software such as Norton Security will protect you against malware injections. Once your version of anti-virus software is installed, ensure that you keep it updated to protect you against newer versions of malware.

Create stronger usernames and passwords

Be sure that your home network is secured. Change all default usernames and passwords on your home router and any other equipment.

Conclusion

Man-in-the-middle attacks target unsuspecting website users. Hackers intercept data transmitted between victims without their knowledge. Businesses can protect website visitors by installing SSL certificates that prove their organization and website are legitimate, as well as installing site seals for users to click and query business legitimacy in real-time. Users are able to prevent MITM by being more vigilant when visiting websites, by creating strong credentials for personal routers and by using anti-virus software to protect against malware injections.
