Branded Dotted Block Graphic - Dynamic Networks Group
Branded Three Diagonal Stripes Graphic - Dynamic Networks Group
Branded Plus Grid Graphic - Dynamic Networks Group

Cyber Security Spotlight: MitM Attack

In another of our cyber security spotlight blogs we’re taking a look at MitM attacks to help you understand this particular type of common cyber-attack and how to avoid it.
 
Cyber Security Spotlight: MitM Attack

What is it?

MitM or Man in the Middle attacks to give it its proper title are very similar to eavesdropping attacks, which we covered in our very first cyber security spotlight. To be successful, a man in the middle attack needs three key components; the victim, the “thing” the victim is communicating with, be it a bank, service provider and so on and of course, the man in the middle. Critically, the victim will be entirely unaware that there is a third player in place – the man in the middle.
 

How does it work?

There are two main methods of executing man in the middle attacks: proximity-based attacks and man-in-the-browser attacks which require the use of malicious software. Often cyber criminals execute these attacks in two distinct phases as well. Phase one is interception and phase two is deception.

The proximity-based method works by the cyber-criminal accessing unsecured or weakly secured Wi-Fi routers and then using their interception toolkits to read the transmitted data. The man-in-the-browser method relies on the attacker first finding a way to inject malware into the victims connected device(s). Typically, this is achieved by phishing whereby a seemingly legitimate email or text message is sent, appearing to be from a trusted source, then once this message is opened the user can unwittingly load malware onto their device. After that, the malware installs itself into the browser and records the data sent between the victim and specifically targeted websites, before then sending this data back to the attacker.


How can you protect against it?

First up, be aware of websites that are not using the HTTPS protocol as this is a clear indication that the website is question has weak online security. Next, be very wary of any emails you receive asking you to change, update or confirm any login credentials or personal data. Avoid clicking any links in these types of emails and instead, visit the website directly by typing the URL into a search engine.

Avoiding connecting to public Wi-Fi wherever possible and if you are using public Wi-Fi don’t engage in any sensitive actions such as logging into online banking. As an added layer of protection when using publicly available internet, consider installing and using a virtual private network (VPN) as well. This will encrypt your network connection so any private data you might send has that extra layer of protection.

Finally, to protect yourself from the man in the middle attackers that rely on malware, installing the right security software for your devices is a no brainer, and last but by no means least always use strong, unique passwords!
 

Previous examples of eavesdropping attacks…

Way back in 2015, there was a multi-nation bust that succeeded in nailing 49 suspected cyber criminals who had been using MitM attacks to find and intercept payment requests sent via email. Find out more here.

So there you have it, a mini overview of man in the middle attacks and how to avoid them.

If you think your business needs better cyber security don’t rest on your laurels, contact our team today.
 

Dynamic Insights & advice

Dynamic Networks completes a Management Buyout and commences its acquisition strategy.

"David Smith (CEO) and Gareth Leece (COO) have successfully completed an MBO of Dynamic Networks, working with Paul Landsman of Kingland Capital. The MBO provides for a simplification of the Board structure to allow for its continued accelerated growth strategy. The additional investment secured through Kingland Capital provides a significant fund for the Management Team to hire likeminded industry professionals in-line with its hiring plan and also acquire complimentary Cloud Managed Service Providers as they continue their objective to be one of the fastest growing MSP’s in the UK with a strong reputation for quality service. Further announcements to follow."