What is a Man in the Middle attack? How to keep your online footsteps hidden

Today we’re going to talk about a ghost in the machine. But don’t get all Gilbert Ryle’d up. We’re not waxing philosophic or discussing Scar Jo movies. No, we’re going to unmask that phony bogeyman playing trapeze among your unsecured wires: the Man in the Middle. For those unfamiliar with the term, a Man in the Middle (MITM) attack is one in which the bad guys park themselves between you and the site you think you’re talking to, so that everything you send and receive passes through their hands first. Man in the Middle is one of the many common attacks discussed in our Spooky Cyber Threats episode of Ping: A Firewalls.com Podcast, and today we’ll give a more in-depth picture of what the threat looks like.

What is the goal of a Man in the Middle attack?

The objective is simple: intercept traffic the victim believes is private. At minimum that means reading it, which is where logins, session cookies and financial details get scooped up. Where the connection allows it, it also means changing it. If an opening presents itself, cyber criminals will pursue it: if they can trick you into revealing or changing your login credentials, they will, and if they can swipe your financial data, they will. Think of a Man in the Middle attack as an interception job: quiet eavesdropping by default, with active tampering whenever the channel is not protected against it.

How does a Man in the Middle attack work?

Let’s simplify your web surfing to an easily-digested scenario: your computer, Point A, wants to fetch data from a web server, Point B. Point A requests data, the request travels over the web, and the web server receives the request. The web server gathers the data and ships it back to Point A. A Man in the Middle attack occurs when a cyber attacker gets onto the path between Point A and Point B, so that every request and every reply passes through a device they control while both ends believe they are talking directly to each other. Getting onto that path is the first job. On a local network it is usually done by ARP spoofing (answering for the gateway’s address), by setting up a rogue Wi-Fi access point that looks like the real one, or by tampering with DNS so that your lookup for Point B quietly returns the attacker’s address instead.

From this position, the Man in the Middle can read anything sent in the clear, such as passwords, session cookies and form data, and can rewrite anything that is not integrity-protected: serving a fake version of the requested website, injecting a bogus password-change prompt into a real page, or swapping an HTTPS link for a plain HTTP one so the next request arrives unencrypted. The harvested material then feeds follow-on attacks, for instance phishing your contacts from a mailbox whose password was captured in transit. Keyloggers and social engineering are separate tools that attackers often combine with a Man in the Middle position, but it is the interception itself that defines the attack.
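To make the Point A / Point B picture concrete, here is a small Python simulation written for this article. It is not code from the original post or from any product mentioned here. The “wire” is an in-memory byte string, the attacker is a function spliced into it, and the names point_b, man_in_the_middle, SESSION_KEY and the injected notice are all constructed for the illustration. The first run sends a login as plain text, the way an HTTP site would; the second wraps each message in a toy encrypt-then-MAC record that stands in for a TLS record, using a session key the attacker does not have. The cipher is deliberately simplified and is not something to reuse.

```python
"""Simulated Man in the Middle between Point A (client) and Point B (web server).

Added illustration for this article, not code from the original post.
seal()/open_sealed() is a toy encrypt-then-MAC record standing in for a TLS
record; SESSION_KEY represents the session key the attacker never obtains.
"""
import hashlib
import hmac
import json
import os
from typing import List, Optional

SESSION_KEY = b"constructed-session-key-the-attacker-never-sees"  # hypothetical
INJECTED_NOTICE = " SECURITY NOTICE: confirm your password at http://accounts-verify.example/"  # constructed lure


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from HMAC-SHA256. Toy construction for the demo only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Stand-in for a TLS record."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, record: bytes) -> bytes:
    """Verify the tag before decrypting; any modification in transit is rejected."""
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: record was modified in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def point_b(request: dict) -> dict:
    """Point B: a toy login endpoint (credentials are constructed)."""
    if request.get("user") == "alice" and request.get("password") == "hunter2":
        return {"status": "ok", "body": "Welcome back, alice."}
    return {"status": "denied", "body": "Bad credentials."}


def man_in_the_middle(wire: bytes, harvested: List[str], tamper: bool) -> bytes:
    """The attacker's tap: read whatever passes through and, if asked, rewrite it."""
    try:
        msg = json.loads(wire)
        if not isinstance(msg, dict):
            raise ValueError("not a message")
    except ValueError:                          # ciphertext: nothing to read
        harvested.append("unreadable (encrypted) record")
        if not tamper:
            return wire
        i = len(wire) // 2                      # blind bit flip inside the record
        return wire[:i] + bytes([wire[i] ^ 0x01]) + wire[i + 1:]
    if "password" in msg:                       # passive: credential harvesting
        harvested.append(f"{msg.get('user')}:{msg['password']}")
    if tamper and "body" in msg:                # active: inject a phishing lure
        msg["body"] += INJECTED_NOTICE
    return json.dumps(msg).encode()


def exchange(request: dict, key: Optional[bytes] = None, attacker: bool = False) -> dict:
    """One request/response between Point A and Point B, optionally via the attacker.
    Returns what the client ended up with and what the attacker collected."""
    harvested: List[str] = []
    if key is None:                              # plain HTTP: JSON on the wire
        encode = lambda m: json.dumps(m).encode()
        decode = lambda w: json.loads(w)
    else:                                        # protected channel
        encode = lambda m: seal(key, json.dumps(m).encode())
        decode = lambda w: json.loads(open_sealed(key, w))

    wire = encode(request)                                   # Point A sends
    if attacker:
        wire = man_in_the_middle(wire, harvested, tamper=False)
    wire = encode(point_b(decode(wire)))                     # Point B replies
    if attacker:
        wire = man_in_the_middle(wire, harvested, tamper=True)
    try:
        client_saw = decode(wire)                            # Point A receives
    except ValueError as err:
        client_saw = {"status": "rejected", "body": str(err)}
    return {"client_saw": client_saw, "attacker_got": harvested}


if __name__ == "__main__":
    login = {"user": "alice", "password": "hunter2"}
    print("plaintext:", exchange(login, key=None, attacker=True))
    print("protected:", exchange(login, key=SESSION_KEY, attacker=True))
```

Run it and compare the two results. On the plaintext channel the attacker walks away with alice’s password and the client happily displays the injected notice as if the bank had sent it. On the protected channel the attacker sees only an unreadable record, and the client rejects the tampered reply instead of rendering it. What makes the second case work in the real world is that the session key comes from a handshake authenticated by the server’s certificate, which is exactly why clicking through a certificate warning is so dangerous: it hands the attacker a legitimate key for the leg between you and them.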

Old-school Man in the Middle attacks required physical access or proximity: a device plugged into your network, or a rogue access point within Wi-Fi range of the victim. That variant is still very much alive on public Wi-Fi. But the technique has also moved off the wire. A compromised home router, or a quiet change to its DNS settings, redirects traffic with nobody nearby, and “man in the browser” malware hooks the browser itself so the tampering happens on your own machine, before the data is ever encrypted. No longer do criminals need to crawl through the ventilation system to smuggle a bug onto your mainframe. Now they can do it all from the comfort of home.

How do you prevent Man in the Middle attacks?

1 – Firewalls & Configuration

The firewall is still the cornerstone of network security, and it has a real part to play here: blocking rogue DNS servers, unexpected outbound tunnels and known-bad destinations, and spotting traffic to phishing pages. However, an appliance alone is rarely sufficient. It is important to also ensure that your firewall hardware is configured correctly. Think about it, if you buy a fancy home security system, you’re not just going to plug it into an outlet and call it a day. Instead, your security devices should be fine-tuned to fit the needs of your network. One caveat a practitioner will want stated plainly: a firewall at your office perimeter cannot protect a laptop sitting on somebody else’s network. For that leg of the journey the transport itself, HTTPS with a certificate your browser accepts or a VPN back to your own network, has to carry the weight.

Take your blind spots and unique vulnerabilities into account. No two networks are built the same and so no two firewalls should be configured the same. Ensuring that you have a suitable setup from the start will save a lot of pain down the road.

2 – Comprehensive Endpoint Protection

Even the most expensive hardware will fail once an unsuspecting employee opens a malicious file. Building a tall fence is great and all, but without strong security at the gates, you’re just redirecting network raiders to specific doorways. Endpoint protection matters for this threat in particular because “man in the browser” malware is a Man in the Middle that lives on the victim’s own machine, where no network device can see it. Sandboxing, ransomware damage rollback, antivirus clients, and browser protection are all fantastic options to add on to your security infrastructure.

Sophos Intercept X is a powerful security suite built to run alongside your current applications. Give it a two week trial for free to see if it works with your network.

3 – Exercise Safe Web Practices

This is the part of the article that preaches about strong passwords and email attachments. So, here goes:

– Use strong, unique passwords (a password manager makes this painless). Never leave default credentials like “admin” or “1234” on a router or firewall: a router with default credentials is the easiest way for an attacker to get onto the path of all your traffic

– If you’re asked to follow a link in an email, type the address into your browser yourself. Don’t click! Spoofed domains, typo-squatting, and the crucial difference between http:// and https:// mean that every href you click is a potential malware minefield. Once you arrive, check that the page is served over HTTPS with a certificate the browser accepts. A certificate warning on a site you use every day is the classic sign that someone is sitting between you and it, so never click through one

– Don’t open suspicious attachments from unknown senders

– Avoid public Wi-Fi if possible. If you must connect to a public network, do so through a Virtual Private Network, so that everything between your device and the VPN endpoint is encrypted and the hotspot operator (or anyone impersonating it) sees only ciphertext. Public networks are a watering hole where hungry cyber crocodiles are just waiting for their prey to exhibit vulnerability
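As a concrete check for the link advice above, here is a small Python script added for this article (not code from the original post). It pulls every href out of a constructed phishing-style email and reports the warning signs just listed: a plain http:// link, link text that shows one address while the href goes to another, a punycode host, a trusted name buried as a subdomain of someone else’s domain, and a typo-squat of a brand you care about. TRUSTED, BRANDS and SAMPLE_EMAIL are all constructed for the example, and registrable() is a deliberate approximation, since the standard library has no public-suffix list.

```python
"""Flag the warning signs in e-mail links before anyone clicks.

Added example for this article, not code from the original post. TRUSTED,
BRANDS and SAMPLE_EMAIL are constructed; registrable() is a deliberate
approximation because the standard library has no public-suffix list.
"""
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

TRUSTED = {"examplebank.com", "login.examplebank.com"}   # hypothetical allow-list
BRANDS = {"examplebank.com"}                              # names worth typo-squatting
DOMAIN_LIKE = re.compile(r"(https?://)?[a-z0-9.-]+\.[a-z]{2,}(/\S*)?")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> in the message."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels, e.g. login.examplebank.com -> examplebank.com (approximation)."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def check_link(href: str, text: str) -> List[str]:
    """Return the warning signs for one link (empty list means nothing suspicious)."""
    url = urlparse(href)
    host = (url.hostname or "").lower()
    reg = registrable(host)
    findings: List[str] = []
    if url.scheme != "https":
        findings.append(f"not HTTPS (scheme is {url.scheme or 'missing'}): anything typed there travels in the clear")
    if host.startswith("xn--") or ".xn--" in host:
        findings.append("punycode host: can render as a lookalike of a Latin-letter domain")
    shown = text.strip().lower()
    if DOMAIN_LIKE.fullmatch(shown):            # the visible text looks like an address
        shown_host = urlparse(shown if "://" in shown else "https://" + shown).hostname or ""
        if registrable(shown_host) != reg:
            findings.append(f"text shows {shown_host} but the link goes to {host}")
    if reg not in {registrable(t) for t in TRUSTED}:
        for brand in BRANDS:
            if host.startswith(brand + ".") or f".{brand}." in host:
                findings.append(f"trusted name {brand} used as a subdomain of {reg}")
            elif reg != brand and SequenceMatcher(None, reg, brand).ratio() >= 0.8:
                findings.append(f"{reg} is a lookalike of {brand} (possible typo-squat)")
    return findings


def scan_email(html: str) -> List[Tuple[str, str, List[str]]]:
    """Every link in the message with its findings, in document order."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, check_link(href, text)) for href, text in parser.links]


# Constructed phishing-style message; every domain in it is made up.
SAMPLE_EMAIL = """
<p>Unusual sign-in detected. Please verify your account.</p>
<a href="http://examplebank.com/login">examplebank.com</a>
<a href="https://examp1ebank.com/login">https://examplebank.com/login</a>
<a href="https://examplebank.com.account-verify.example/">Verify now</a>
<a href="https://xn--examplebnk-4ob.com/">examplebank.com</a>
<a href="https://login.examplebank.com/">Sign in</a>
"""

if __name__ == "__main__":
    for href, text, findings in scan_email(SAMPLE_EMAIL):
        print(href, "->", findings or "looks fine")
```

Only the last link in the sample comes back clean; the other four each trip at least one rule. The heuristics are intentionally simple (a real mail gateway would use a proper public-suffix list and a reputation feed), but they catch exactly the tricks the bullet list warns about, and the same checks are worth running in your head before you click anything.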

Following cyber security best practices and deploying next-generation firewalls with an endpoint solution mean instead of dealing with a Man in the Middle, you’ll more likely be playing monkey in the middle with desperate cyber criminals trying, and failing, to get their hands on your data.

Learn about more cyber threats

Now that you’ve mastered the Man in the Middle, maybe it’s time to conquer keyloggers, trounce trojans, or make persistent threats perish. Check out the Firewalls.com Threat Dictionary to learn about all of the latest network security threats.

Prefer to listen and learn? Check out Episode 5 of Ping: A Firewalls.com Podcast where we talk cyber threats with SonicWall’s Daniel Kremers and Fortinet’s Douglas Santos.


Originally published by Andrew Harmon on LinkedIn Pulse, October 2017