Examples of Impacts
The impact of a successful MitM attack can be devastating. The examples below should help you understand how these attacks have different impacts in different scenarios.
- Suppose an attacker were listening in on your private conversations. That would be devastating for any company providing the messaging service, which is why such companies make sure their messages are encrypted.
- The attacker can steal your bank account credentials or session cookies and use them to log in to your account and steal money from it.
- They can direct you to a malicious IP address, where a fake site pretends to be the real one and steals your information, including your login credentials for that site.
Techniques Used For MITM Attacks
Various techniques are used to carry out this type of attack. Understanding how such attacks work gives us more perspective on the situations in which we must employ defensive techniques to protect our systems and ourselves.
1. Address Resolution Protocol (ARP) Poisoning:
In this technique, the attacker compromises the ARP cache. ARP maps between a host's ever-varying IP address and the fixed MAC address of its network card. The attacker poisons your ARP cache and makes it believe that the attacker's computer is the gateway (the gateway connects two different networks), and from then on, without the sender or the receiver knowing, all of the data being transmitted passes through the attacker's computer.
2. DNS Cache Poisoning:
The DNS cache stores the mapping from domain names to their IP addresses for faster retrieval, instead of having to make a DNS query each time. These caches are kept on your own systems, on servers, etc. If an attacker can somehow gain access to the cache contents and change the mapped IP to that of a malicious site, this can be used to harm the victim.
The victim might not even realize that they have been directed to a very real-looking copy of the original site. They may enter their credentials or other information, believing it to be the trusted site, and jeopardize their sensitive data.
3. HTTPS spoofing:
This technique is probably one of the sneakiest. The attacker creates a fake site, with a valid SSL certificate, that looks identical to the original site. Here, letters in the site's name are replaced with very similar-looking Unicode characters. At first glance the domain may appear identical to a human, but the browser interprets it differently and sends the user to a copy of the original site, where the attacker may be able to steal sensitive information such as the user's credentials for that site.
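The look-alike domain trick above can be caught by comparing the name a human sees with the name the browser actually resolves. The following is an added example, not code from the original article: it expands punycode (xn--) labels to their display form, re-encodes them to the wire form, and flags any label that mixes scripts (for instance a Cyrillic letter inside an otherwise Latin name). The sample domains are constructed for the demonstration.

```python
import unicodedata

# Constructed sample domains (not from the article). The second one replaces
# the Latin "a" with the Cyrillic "а" (U+0430): identical on screen, different
# on the wire. The third is a legitimate, single-script internationalized name.
SAMPLE_DOMAINS = ["apple.com", "\u0430pple.com", "b\u00fccher.example"]

def label_scripts(label):
    """Approximate the set of scripts used in one DNS label from Unicode character names."""
    scripts = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue                      # digits and hyphens belong to every script
        name = unicodedata.name(ch, "UNKNOWN UNKNOWN")
        scripts.add(name.split(" ")[0])   # "LATIN", "CYRILLIC", "GREEK", ...
    return scripts

def to_display(domain):
    """Expand punycode (xn--) labels to the Unicode form a browser would show."""
    labels = []
    for label in domain.split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass                      # malformed label: keep the raw xn-- text
        labels.append(label)
    return ".".join(labels)

def analyze_domain(domain):
    """Report the display form, the wire (punycode) form, and any mixed-script labels."""
    display = to_display(domain)
    try:
        wire = display.encode("idna").decode("ascii")
    except UnicodeError:
        wire = display                    # could not encode: treat the raw string as the wire form
    mixed = [lab for lab in display.split(".") if len(label_scripts(lab)) > 1]
    return {
        "display": display,
        "wire": wire,
        "is_idn": wire.lower() != display.lower(),   # any non-ASCII label becomes xn--
        "mixed_script_labels": mixed,
        "suspicious": bool(mixed),                   # mixed scripts in one label is the homograph tell
    }

if __name__ == "__main__":
    for d in SAMPLE_DOMAINS:
        print(analyze_domain(d))
```

Single-script internationalized names such as the third sample are legitimate and are reported as IDN but not suspicious, which is the distinction a browser's own display policy makes.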
4. Rogue Wi-Fi / Wi-Fi Eavesdropping:
In this case, the attackers may set up an open Wi-Fi network with a common name, making people who connect believe that they are joining a legitimate network. They can similarly use existing unprotected Wi-Fi networks and listen for sensitive information on the network. The unsuspecting victim connects to the network and can have information such as site credentials, debit card details, etc. stolen.
5. Session Hijacking:
In this form of the attack, the attacker's purpose is to steal the user's session cookie when they log on to a site for banking, a company account, social media, etc. Once they have stolen the session cookie, they can operate your account from their own system using the cookie and carry out all sorts of malicious activities, such as stealing funds from your accounts or spamming your social media accounts with malicious messages/links.
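The cookie theft described above is much harder when the session cookie is never sent in the clear and never exposed to page scripts. The following added example, not from the article or any particular framework, audits Set-Cookie header values for the attributes that limit where a session cookie travels; the header samples and the list of session cookie names are constructed assumptions.

```python
# Constructed Set-Cookie header values (not taken from any real site).
SET_COOKIE_SAMPLES = [
    "sessionid=c0ffee; Path=/",                                   # weak: readable on any plaintext request
    "sessionid=c0ffee; Path=/; Secure; HttpOnly; SameSite=Lax",   # hardened
    "theme=dark; Path=/; Max-Age=31536000",                       # not a session cookie, ignored
]

# Assumed names under which frameworks commonly issue session cookies.
SESSION_COOKIE_NAMES = {"sessionid", "phpsessid", "jsessionid", "connect.sid"}

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, {attribute: value or True})."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True   # flag attributes carry no value
    return name.strip(), value.strip(), attrs

def audit_session_cookie(header, session_names=SESSION_COOKIE_NAMES):
    """Return the findings that make a session cookie easy to steal and replay; empty means hardened."""
    name, _, attrs = parse_set_cookie(header)
    if name.lower() not in session_names:
        return []                          # only session cookies matter for hijacking
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP, so an on-path attacker can read it")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page scripts, so an injected script can copy it")
    samesite = attrs.get("samesite")
    if samesite is True or str(samesite).lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cookie rides along on cross-site requests")
    return findings

if __name__ == "__main__":
    for header in SET_COOKIE_SAMPLES:
        print(header, "->", audit_session_cookie(header) or "ok")
```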
These attacks aren't as common as ransomware, but they have also seen huge growth in the past few years. They are often the result of user carelessness or of big security gaps in systems, and knowing some ways to safeguard yourself can definitely decrease the chances of such attacks affecting you.
Safeguarding Against Such Attacks
Various methods to safeguard ourselves from such attacks are listed below.
- It is a good idea to carefully examine a link before you click on it and make sure it leads to a site you trust.
- Don't connect to random unsecured public Wi-Fi networks, as they can easily be set up by nearby attackers trying to steal your sensitive information.
- When using a public computer/network, ensure that the site you're connecting to actually resolves to the correct IP address, and that an attacker is not pretending to be your gateway (as in the ARP technique).
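The last safeguard, and the ARP poisoning technique it refers to, both come down to one question: is the gateway still being advertised by the MAC address it had yesterday? The following added example (not from the article) runs that check over a constructed stream of ARP replies; the gateway IP, the pinned gateway MAC and the replies themselves are assumptions made up for the demonstration, and it reports the three classic signs of poisoning rather than only the gateway change.

```python
from collections import defaultdict

# Assumed values for this constructed network (not from the article).
GATEWAY_IP = "192.168.1.1"
PINNED_GATEWAY_MAC = "aa:bb:cc:00:00:01"   # recorded on a known-good day

# Constructed ARP replies, not a real capture: (seq, sender_ip, sender_mac).
# Replies 3 and 4 are what a poisoning attempt looks like: one new MAC claims
# both the gateway and a victim host, so traffic between them flows through it.
ARP_REPLIES = [
    (1, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (2, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (3, "192.168.1.1",  "de:ad:be:ef:00:99"),
    (4, "192.168.1.20", "de:ad:be:ef:00:99"),
    (5, "192.168.1.30", "aa:bb:cc:00:00:30"),
]

def detect_arp_poisoning(replies, gateway_ip, pinned_gateway_mac=None):
    """Return (seq, kind, detail) alerts for: the gateway advertised by an unexpected MAC,
    an IP whose MAC suddenly changes, and one MAC claiming several IPs."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    alerts = []
    pinned = pinned_gateway_mac.lower() if pinned_gateway_mac else None
    for seq, ip, mac in replies:
        mac = mac.lower()
        if ip == gateway_ip and pinned and mac != pinned:
            alerts.append((seq, "gateway-mismatch", f"{ip} advertised by {mac}, expected {pinned}"))
        if ip_to_macs[ip] and mac not in ip_to_macs[ip]:
            alerts.append((seq, "ip-mac-change", f"{ip} moved from {sorted(ip_to_macs[ip])} to {mac}"))
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((seq, "mac-multi-ip", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts

def is_gateway_hijacked(replies, gateway_ip, pinned_gateway_mac):
    """The safeguard above as a yes/no check: did anyone but the pinned MAC claim the gateway?"""
    return any(kind == "gateway-mismatch"
               for _, kind, _ in detect_arp_poisoning(replies, gateway_ip, pinned_gateway_mac))

if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_REPLIES, GATEWAY_IP, PINNED_GATEWAY_MAC):
        print(alert)
```

A planned router replacement or a redundant-gateway failover also changes the gateway MAC, so treat a gateway-mismatch alert as something to verify with the network owner rather than as proof of an attack.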
FAQs
1. Why is there a need to safeguard against MitM attacks?
These attacks pose a threat where an attacker could read and manipulate your private and sensitive data while it is being transmitted from one device to another. It can be catastrophic for various business functions if such a situation were to happen, for example if your bank transactions were intercepted and manipulated, or if your important data were tampered with.
2. What are some other common cyber-attacks?
Phishing, DoS (Denial of service attack), SQL injection, malware, etc., are some of the most common types of cyber security attacks.
3. What jobs can one aim for in cyber security?
One can pursue jobs such as:
- Network Security Engineer
- Cybersecurity Analyst
- Security Architect
- Information Security Officer
4. What is the difference between a cyber attacker and a hacker?
The term hacker also covers the ethical side, where researchers find security threats and inform the related organizations about them. In contrast, an attacker gains access to our data and systems for their own benefit, often at the cost of the victim.
5. What is a DNS query?
It is a request usually sent by the user's computer (the DNS client) when they try to access a site through its domain name. The request asks for the IP address associated with that domain name.
Key Takeaways
In this article, we have discussed the MitM attack, its causes, its impacts and how to prevent it.