“Man-in-the-Middle”
Everyone who uses the internet can be a target of Man-in-the-Middle attacks. The Internet of Things (IoT) and public Wi-Fi have become quite popular targets in this form of phishing attack. Any time a third party intercepts network traffic, it can be called a Man-in-the-Middle attack, and without proper authentication it is extremely easy for a threat actor to carry out this form of phishing attack! In part 6 of An Understandable Guide to the World of Phishing, I want to take the time to investigate a phishing attack that looks quite different from email phishing, vishing, smishing, pop-up phishing or even angler phishing.
Let’s investigate Man-in-the-Middle attacks.
Man-in-the-Middle attacks come about when you connect to free internet, which puts you on a “shared” network, while a threat actor is on that same “shared” network. Places like coffee houses, dentist offices, fast food restaurants, hotels, conferences, and airports…you get the picture! They provide shared Wi-Fi, which means you are sharing not only the internet but the network with everyone attached.
How can you beat free internet!! You sign on to the Wi-Fi connection and boom, you are online! How awesome, or is it? Before you answer that question, let’s go deeper into what a Man-in-the-Middle attack is, how it works and how to avoid becoming a victim of this form of phishing attack. Also, a peek into the Internet of Things (IoT)!
What is a Man-in-the-Middle Attack?
As mentioned, a man-in-the-middle (MitM) attack is a type of phishing attack in which threat actors sit on the same, “shared” network and use tools to secretly “eavesdrop,” intercept and capture data going from your computer to the internet. They can also “spoof” messages between two parties who believe they are communicating directly with each other, bypass your machine’s security and copy files off your computer.
Next time you’re on a public Wi-Fi, go into File Explorer and click on Network. Those are all the other computers that you can see, and if you can see them, they can see you! Once you are seen, the threat actor can get around your security and capture your data.
With a man-in-the-middle attack, the threat actor gets in “the middle” of you and, let’s say, your bank’s website or application. Threat actors can then read, block, or modify (“spoof”) the information exchanged, such as your account usernames and passwords. During the decryption phase, threat actors decode the stolen data and hunt for access to more sensitive information.
Now that we know what a Man-in-the-Middle attack is, let’s investigate how it works.
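To make the “read, block, or modify” step concrete, here is an added example that is not part of the original article: a small Python simulation of a client, a node sitting in the middle, and a server. It sends the same request twice through the same middle node, once as plain text and once with a message authentication tag, and shows that only the authenticated version lets the server notice the change. The shared key, the JSON-plus-tag message format and the sample transfer request are all assumptions constructed for the demo; on the real web, TLS provides this authentication (and encryption) rather than a pre-shared key.

```python
"""Added example (not from the original article). Shows why a node sitting
between client and server can silently alter an unauthenticated message, and
how a message authentication code (HMAC-SHA256 over a pre-shared key) lets the
server detect the alteration and reject it.

Assumptions (constructed for the demo, not from the article): the shared key,
the JSON-plus-tag wire format, and the sample transfer request. On the real
web, TLS supplies authentication and encryption instead of a shared key.
"""
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key-not-for-real-use"  # constructed sample key

# Constructed sample request the client wants its bank to carry out.
REQUEST = {"from": "acct-1001", "to": "acct-2002", "amount": 250}


def client_send_plain(payload: dict) -> bytes:
    """Unauthenticated message: plain JSON, nothing binds its content."""
    return json.dumps(payload, sort_keys=True).encode()


def client_send_authenticated(payload: dict, key: bytes) -> bytes:
    """Authenticated message: JSON body followed by an HMAC tag over the body."""
    body = json.dumps(payload, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"\n" + tag


def middle_node(wire: bytes, new_recipient: str) -> bytes:
    """Models a node on the shared network that rewrites the recipient field.
    It does not hold the key, so any tag it forwards no longer matches the body."""
    body, sep, tag = wire.partition(b"\n")
    payload = json.loads(body)
    payload["to"] = new_recipient
    body = json.dumps(payload, sort_keys=True).encode()
    return body + sep + tag


def server_accept_plain(wire: bytes) -> dict:
    """Without authentication the server has no way to notice the change."""
    return json.loads(wire)


def server_accept_authenticated(wire: bytes, key: bytes):
    """Recompute the tag over the received body and reject on mismatch.
    compare_digest avoids leaking the tag through timing differences."""
    body, _, tag = wire.partition(b"\n")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None  # altered in transit (or tag forged without the key)
    return json.loads(body)


def run_demo() -> dict:
    """Run both paths through the same middle node; report what the server acted on."""
    plain = server_accept_plain(middle_node(client_send_plain(REQUEST), "acct-9999"))
    tampered = server_accept_authenticated(
        middle_node(client_send_authenticated(REQUEST, SHARED_KEY), "acct-9999"), SHARED_KEY)
    untouched = server_accept_authenticated(
        client_send_authenticated(REQUEST, SHARED_KEY), SHARED_KEY)
    return {
        "plain_recipient": plain["to"],            # server silently pays acct-9999
        "tampered_accepted": tampered is not None,  # False: rejected
        "untouched_recipient": untouched["to"],     # acct-2002: accepted as sent
    }


if __name__ == "__main__":
    print(run_demo())
```

The tag only proves integrity and origin to someone holding the key; it does not hide the content. Encryption, which TLS layers on top of its authentication, is what stops the “eavesdrop” half of the attack described above.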
How it works
You go to the local coffee house and jump on their free Wi-Fi, sign into your social media account, check your bank account, and check your work email. Meanwhile, a threat actor nearby is connected to the same “shared” internet connection and has placed a computer on the network capable of “sniffing” out traffic (your device’s communication over the internet). As you access your accounts, the threat actor gets in the “middle” of your transmissions, intercepts them, and steals your login credentials.
Threat actors may also set up “rogue” access points (the equipment you connect through to reach the internet) to intercept communications and steal data. A rogue access point is an access point with the same name as the free Wi-Fi. Your computer cannot tell the difference; it attaches to the strongest signal. This potentially gives threat actors full access to your sensitive information like passwords and/or usernames, credit card numbers, even “private” messages, which can be captured and decoded at a later time.
As mentioned, any public Wi-Fi, such as at airports, hotels, and coffee houses, is a common source of Man-in-the-Middle attacks because threat actors can sit there without anyone noticing them. All it costs is a cup of coffee and time. The spots that offer free Wi-Fi do not verify who is using it, so it leaves you wide open to “sniffing” tools or “rogue” access points that allow the threat actor to get in the “middle” of your communications over the internet and steal your information.
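A defender-side check for the rogue access point scenario, as an added example that is not from the original article: it takes a Wi-Fi scan that has already been collected with the platform’s usual tool (for example `nmcli dev wifi list` on Linux) and reduced to network name, BSSID, security type and signal strength, then flags names that are advertised with inconsistent security settings and reports which radio a “strongest signal” client would pick. It goes a little beyond the article’s single case by also handling the venue that legitimately runs many radios under one name. The sample scan is constructed; the function and field names are mine.

```python
"""Added example (not from the original article): flag Wi-Fi scan results that
carry the warning signs of a rogue ("evil twin") access point.

Assumptions (not from the article): the scan has already been collected with
the platform's normal tool (e.g. `nmcli dev wifi list` on Linux) and reduced
to (SSID, BSSID, security, signal) tuples. The sample scan is constructed.
"""
from collections import defaultdict
from typing import NamedTuple


class AccessPoint(NamedTuple):
    ssid: str        # network name shown to the user
    bssid: str       # MAC address of the radio; one per physical access point
    security: str    # "open", "WPA2", "WPA3", ...
    signal_dbm: int  # closer to 0 is stronger; clients prefer the strongest


# Constructed sample: a venue network served by two legitimate radios, plus a
# third radio advertising the same name with no encryption and a strong signal.
SAMPLE_SCAN = [
    AccessPoint("Cafe-Guest", "aa:bb:cc:00:00:01", "WPA2", -62),
    AccessPoint("Cafe-Guest", "aa:bb:cc:00:00:02", "WPA2", -70),
    AccessPoint("Cafe-Guest", "de:ad:be:ef:00:01", "open", -41),
    AccessPoint("Hotel-Lobby", "11:22:33:44:55:66", "WPA2", -55),
]


def find_evil_twin_candidates(scan):
    """Group by SSID and report names offered with inconsistent security.

    Several BSSIDs per SSID is normal on its own (large venues run many access
    points), so the heuristic keys on a security mismatch, and also reports
    which radio would win a client's 'strongest signal' selection.
    """
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap.ssid].append(ap)

    findings = []
    for ssid, aps in sorted(by_ssid.items()):
        variants = {ap.security for ap in aps}
        if len(variants) < 2:
            continue
        strongest = max(aps, key=lambda ap: ap.signal_dbm)
        findings.append({
            "ssid": ssid,
            "security_variants": sorted(variants),
            "strongest_bssid": strongest.bssid,
            "strongest_is_open": strongest.security == "open",
        })
    return findings


def unexpected_bssids(scan, ssid, known_bssids):
    """Stricter check when the venue's legitimate radios are already known
    (e.g. recorded on an earlier visit): any other BSSID using that name."""
    known = {b.lower() for b in known_bssids}
    return sorted(ap.bssid for ap in scan
                  if ap.ssid == ssid and ap.bssid.lower() not in known)


if __name__ == "__main__":
    for finding in find_evil_twin_candidates(SAMPLE_SCAN):
        print(finding)
    print(unexpected_bssids(SAMPLE_SCAN, "Cafe-Guest",
                            ["aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"]))
```

A hit is a prompt to ask the venue which network is theirs, not proof of an attack, since some venues do run an open network beside a secured one. The reverse also holds: a rogue radio that copies the legitimate security type passes this check, which is why the advice further down to bring your own connection or tunnel still applies.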
Phishing in all forms has the same end-goal: to steal your personal information, whether it be passwords, financial information, or other sensitive information. Man-in-the-Middle (MitM) attacks are widespread, vigorous, and destructive! Prevention is easy for this one.
How do you prevent this from happening to you?
Everyone sending information over the internet on a free, “shared” internet connection is a potential Man-in-the-Middle target! Use your phone as a hotspot and connect privately to the internet instead of using free “shared” internet.
If you cannot use your phone as a hotspot, then buy a personal Wi-Fi firewall. A personal firewall is a device that blocks anyone from accessing your equipment. It can also create your own network for enhanced security: the device connects to the free Wi-Fi, and you connect to the device.
You can also use a Virtual Private Network (VPN). A VPN creates a tunnel that blocks anyone on the network from seeing your traffic. It will also change your network connection, making you invisible on the network.
In all three cases you create a private connection, and the threat actor cannot see you. No matter what you use or don’t use, always add two-factor authentication when it’s available. That way, even if they steal your login and password, they can still be blocked because they do not have the two-factor authentication code.
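The two-factor step is the one piece of the advice above that can be shown in working code, so here is an added example that is not part of the original article: the time-based one-time password (TOTP, RFC 6238) check that an authenticator app and a login server share, plus a login helper that refuses a captured code once its time step has passed. The key is the RFC’s published test key; the login helper, the 30-second step and the one-step skew window are assumptions constructed for the demo.

```python
"""Added example (not from the original article): the TOTP (RFC 6238) check
behind most authenticator apps, showing why a login name and password captured
on a shared network are not enough on their own.

Assumptions: the key is the published RFC 4226/6238 test key; the login
helper, 30-second step and one-step skew window are constructed for the demo.
"""
import hashlib
import hmac
import struct

STEP_SECONDS = 30
RFC_TEST_KEY = b"12345678901234567890"  # published test key, not a real secret


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then 'dynamic truncation'."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238: the HOTP counter is the number of whole steps since the epoch."""
    return hotp(key, unix_time // step)


def verify_login(password_ok: bool, key: bytes, submitted_code: str,
                 now: int, window: int = 1) -> bool:
    """Accept only if the password matched AND the code is valid for the
    current step (or one step either side, to absorb clock drift).
    A code captured over the shared Wi-Fi stops working once its step passes."""
    if not password_ok:
        return False
    counter = now // STEP_SECONDS
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(key, c), submitted_code):
            return True
    return False


if __name__ == "__main__":
    code = totp(RFC_TEST_KEY, 59)
    print("code at t=59:", code)                                               # 287082
    print("login with it at t=59:", verify_login(True, RFC_TEST_KEY, code, 59))   # True
    print("same code at t=179:", verify_login(True, RFC_TEST_KEY, code, 179))     # False
```

A production verifier additionally records the last accepted step so the same code cannot be accepted twice inside its window, and rate-limits attempts so the six digits cannot simply be guessed.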
I want to take a minute to talk about IoT devices.
The Internet of Things (IoT), simply put, small devices that connect to the internet but do not get regular updates, such as thermostats, car alarms, or surveillance cameras, has become an increasingly popular target for Man-in-the-Middle attacks.
Their rapid growth, lack of updates, lack of security, and potential to deliver a massive amount of personally identifiable information (PII) make “hijacking” their traffic an appealing prospect for threat actors. The threat actor can see the device on the network and will use publicly posted vulnerabilities to hijack the equipment.
It might be a funny prank to turn your thermostat to 100 during the summer or to order everything on your list 5 times over from your refrigerator. This is annoying and extremely hard to protect against. If you have these devices on your network, then while turning up your thermostat the threat actor will try to hijack all your equipment and plant a virus that auto-loads when you connect to the internet.
The easiest way to minimize the damage is to put the IoT devices on their own network. This way, if they do get hijacked, the only thing they can access is the IoT devices. We can help you do that.