Everywhere you look, hacking seems to be on the rise, and it's true that many of these attacks are opportunistic. However, some hackers are more calculating than this, conducting attacks over time so they can harvest the data they value. One such approach is the 'man in the middle' (MITM) attack. This involves hackers gaining access to your network or intercepting your communications so that they can eavesdrop, collect data, and interfere with your transmissions.
As you can imagine, once a hacker can get between you and the people or systems you communicate with, they have the power to cause immense harm. They can easily gather valuable information such as payment card information, legal documents, and company secrets. But it's hackers' ability to amend and corrupt this information that makes MITM attacks so potentially damaging. Instead of simply harvesting data, hackers can, in fact, change your information to suit themselves. With a few taps of the keyboard they can alter your bank details so that payments land in their accounts, not yours … and you may not notice until months later. This is not a hypothetical threat; hackers have even amended mortgage documents sent from a private home buyer to a solicitor so that hundreds of thousands of pounds were unwittingly redirected into their accounts.
So how do MITM attacks occur? They typically involve two different kinds of interception: either between you and your peers on your company network, or between you and an internet access point, usually over Wi-Fi. Open Wi-Fi networks pose a particular danger, which is another reason why sensitive information should never be sent or received over an open wireless network.
We may imagine that our company networks and intranets are more secure, because we know who can gain access, but there may be a temptation for employees to use their privileges for nefarious purposes – particularly disgruntled employees who decide to gather valuable information before they leave the company. Employees may also be persuaded by a third party to create an access point for external hackers. Given the high value of this kind of access, companies must consider the great lengths that criminals may go to for this kind of fraud. And, as we've discussed in previous articles, employees can easily give hackers access without intent or awareness.
The question is, then, what can your organisation do to limit the risks of MITM attacks? As always, there is an educational component; employees need to understand their role in maintaining a secure network. Employees should never work on company laptops (or phones) from unsecured, public Wi-Fi networks. Employees also need to understand how to spot unsecured websites, and to look for websites using the 'https' rather than 'http' protocol, particularly when sharing sensitive data or making payments online.
From a company IT perspective, using HTTPS on all web and intranet sites is essential for preventing these attacks. An Intrusion Detection System (IDS) can alert you to problems – and help prevent an attack from turning into a costly loss of data, reputation or cash.
Is your organisation protected against MITM attacks? Or is it time to shore up your defences?
DeltaNet International offer a suite of cyber-security courses designed to deliver effective training in an easily digestible, highly motivating format. Each course highlights a particular learning objective (e.g. phishing attacks, setting a secure password, using email and browsing the internet) and can be completed in approximately five minutes in order to maximise knowledge retention and keep engagement levels up.
We also offer longer, more holistic courses on information security and preventing a data breach that address physical as well as digital security threats, along with courses on the new EU-wide GDPR legislation, with its increased focus on internet security and affirmative consent.