Third post of the Cyber Security Introduction series. Let's talk about the Man in the Middle attack, how it happens, how you can prevent it and how to can recover from it when possible.
What is Man in the Middle?
For a Man-in-the-middle (MITM) attack to take place you need three actors: the victim, an entity the victim is trying to communicate with, the man in the middle which intercepts the communication.
MITM attacks are a tactical means to an end. The outcome could be spying on a target (individual, groups, companies), redirecting traffic, stealing credentials / sessions and more.
How to prevent it?
Make sure that any website you visit uses the
HTTPSprotocol and that the certificate is valid. This will often be represented by a closed lock in the address bar.
Try not to connect to public Wi-Fi like Starbucks, Airports, etc. Instead use a Mobile Hotspot and connect directly to your phone as this is a lot harder to spoof.
If you need to connect to a public Wi-Fi make sure that you use a Virtual Private Network (VPN) that encrypts the data as this will limit the MITM possibilities.
Make sure that your home Wi-Fi network is secured. This can be done by using the latest Wi-Fi security (WPA2 or WPA3). Make sure your home router is up to date with the latest firmware. Change the default Wi-Fi password and default router login to something complex.
Regularly check the connected devices on your network and kick out any unknown or old devices. This can be done from your router management page. Also check for hard-wired connected devices; there have been cases of attackers plugging small devices that siphons and records all communications on a network (example below of a device hidden in plain sight).
Finally whenever possible make sure that you have Multi Factor Authentication (MFA) activated. If your login information are stolen and MFA is activated you will be notified of any login attempts.
Impact and how to recover from it?
MITM attacks can be devastating as they let attackers access many types of data such as: logins and passwords, visited websites, session tokens and cookies, personal information and more.
From the moment you discover that you have been a victim of a MITM attack you should deem all data compromised. From this point you will need to connect to a secure network and rotate all passwords, keys and any confidential information.
You will then have to identify where the attack took place and which network was compromised and why. This is typically where the police might be involved and other cyber-security agencies working with the police.
In conclusion always be wary of where you connect to. also keep in mind to regularly check for anomalies in your network.
About Us
Pixium Digital is an agile software development company with their headquarters located in Singapore. We focus on shaping our clients project from ideas to successful project launch.
Cyber Security is a big part of any project we have to deliver. Very often we have been the witness of lack of awareness or caution from various providers or clients we have worked with. We aim to share those little tips to the community so that with everyone's effort, we can make the web a safer place.
Top comments (0)