Man-in-the-middle attacks: Is your organisation vulnerable?

By Darren Hockley, MD,  DeltaNet International

Last November a report was released stating that 46% of UK businesses had detected a data breach over the 12 months prior. In other words, out of the 5.5 million businesses operating in the UK, around 2.5 million of these have suffered from varying degrees of digital data hacking. Notable multinational firms have fallen victim to online breaches, including Yahoo, Sports Direct, Lloyds Banking Group, Barts Health Trust, Abta, Three, Wonga, and Debenhams to name a few –  all within the past two years.

Man-in-the-middle (MiTM) attacks are not a ‘new’ crime. In fact, they date back to when wireless networks were first made popular and adopted by organisations across the globe. However, the number of attacks have increased in recent years as the discovery of several alternative ways to breach communications systems combined with the broad availability of tools has made it a popular and relatively easy form of criminal activity.

What are man-in-the middle attacks?

A MiTM attack is when hackers breach an online communication system, intercepting and potentially altering information passed through the respective channel. This could be information sent via email, saved on a social media profile, an individual’s search history, or even information retrieved from phone conversations that can be used to hack into other devices and accounts online or offline. For example, an MiTM cyber criminal could access your bank details from an email message and steal money from you or your business’s account. Unfortunately, this is only one of the many ways a hacker can get your information.

Three common types of man-in-the-middle attacks:

Email hijacking

This type of security hack can happen on either an individual and organisational level, and encompasses other forms of identity theft including phishing and social engineering. Phishing refers to when hackers try to steal sensitive data by imitating or masking themselves as a credible organisation (e.g. your bank), while social engineering refers to the act of manipulating users by any means for confidential information. Once email accounts are breached, hackers will monitor the stream of communication between two parties, and mimic the user’s profile to try to get money and/or information sent to their own account, as well as steal data from any user related to the hacked account.

Spoofing attacks 

This cyber breach occurs when a hacker or their malware acts in place of another user’s programme, and steals genuine data inputted by that user. For example, this can happen to someone who believes they are making a secure bank transfer online using a portal they are accustomed to, but in reality it’s a copy of the web-page being cast by a cyber criminal. Spoofing attacks include ARP, DNS, and IP address spoofing, which prey on internal networks within organisations to steal confidential data as well as spread malicious software to all devices connected to the network.

WiFi hacking

No matter whether you use a WEP, WPA or WPA2 connection, a classic form of MiTM cyber crime involves hacking into wireless networks. Hackers can ‘sniff’ or manipulate a user’s web traffic through an unencrypted connection, and use cookies and caches to hack into private accounts. Additionally, they can create a WiFi node that imitates a secure WiFi connection tricking users to connect to it, or simply by cracking a router’s password and breaching the system. This is more likely in public WiFi zones, including cafés, airports, and smart city systems, therefore it is never wise to transfer confidential information outside your organisation’s privately owned and protected connection.

How can I protect my organisation from MiTM attacks?  

As a rule of thumb, when dealing with sensitive information it is always safer to use an HTTPS protocol over the standard HTTP protocol in any search engine browser, as the latter makes it nearly impossible to detect MiTM attacks, and will not warn the user. As an MiTM hacker acts as a interception between the user and their destination host, securing these channels with proper network administration is key to keeping your personal and professional data safe from hacking breaches.

Moreover, making sure that employees never access private company data on their devices via unsecured or public Wi-Fi networks is a critical defensive measure to protect yourself and your organisation. Another preventive measure firms should adopt is implementing a user-friendly Certificate-Based Authentication for all privately owned devices. This safeguarding technique will make it very difficult for hackers to penetrate any and all systems, including WiFi networks, email systems, and internal networks.

In order to mitigate organisational vulnerability for MiTM attacks in the digital age, providing defensive training on data security, identity theft, and social engineering is increasingly important to avoid all types of digital data theft.

Darren Hockley is MD of eLearning provider DeltaNet International, which offers a wide range of courses for businesses including training on information security