Get Started Today!  217-475-0226

croom new

Decatur Computers Inc. Blog

Diagnosing a Man-In-the-Middle Attack

Diagnosing a Man-In-the-Middle Attack

The man in the middle has a lot of power and influence over the end result, and this is true even in the technological world. In fact, there are attacks dedicated to this vector, twisting and turning something that your organization needs into what amounts to a threat. We’ll discuss what a Man-in-the-Middle (MitM) attack is, as well as what you can do to combat these threats.

How a Man-in-the-Middle Attack Works

A MitM attack works when a hacker places themselves in between the connection between the two parties, giving them a prime place to intercept and alter data. This effectively provides hackers with multiple ways of tampering with data before it reaches its destination, whether it’s stolen or changed.

If the user isn’t looking for these threats, it’s easy to completely miss them, especially if the attacker is only observing the activity, re-encrypting any intercepted traffic before it arrives at its final destination. Here are some ways that a hacker can pull off a MitM attack.

Man-in-the-Middle Methods

A MitM attack can occur in various stages. Some attackers might try to find a legitimate network connection between the two parties and set up shop there, whereas others might create their own entry point. An attacker’s modus operandi varies; some prefer SSL stripping, where they establish a secure connection with a server, but their connection to the user won’t be, providing them with information the user sends without issue. Some other MitM attacks, such as an Evil Twin attack, try to impersonate a Wi-Fi access point that is controlled by a user. An Evil Twin attack gives the hacker access to all information sent by a user, and an attacker can use the Internet’s routing protocols against the user through DNS spoofing.

If a MitM attack is used for a specific motive, like financial gain, an attacker can intercept a user’s money transfer and change its destination or the amount being transferred. Users aren’t even safe on mobile, as MitM exploit kits have been designed specifically for use on poorly secured devices, installing malware and other threats on them. MitM attacks can be launched in various ways from fraudulent cell towers called stingrays, which you might be surprised to hear can actually be purchased on the Dark Web.

These attacks don’t even require the attention of the attacker. They can be set up for automation. They might not be the most common vector of attack, but they are still a viable threat that should be addressed.

What You Can Do To Minimize Man-in-the-Middle Attacks

Encrypting data while it’s in transit is the only real way to keep your data safe, even though there are occasional flaws in these protocols. It’s also important to be aware of where you’re accessing the Internet from, as open Wi-Fi connections can leave your business’ defenses wide open to spoofed devices.

A virtual private network from Decatur Computers Inc. can go a long way toward protecting your business from Man-in-the-Middle attacks. To learn more, reach out to us at 217-475-0226.

Tip of the Week: How to Successfully Collaborate
There’s More to Managing Millennials
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, August 19 2019
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Latest Blog

The small business owner wears a lot of different hats. The smaller the business, the more hats he/she has to wear. One hat many small business owners wear is that of CIO or CTO. Short for Chief Information Officer or Chief Technology Officer, respectively, these positions t...

Latest News

Decatur Computers Inc. is proud to announce the launch of our new website at http://www.decaturcomputers.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for prospective clients.