Week3-Maninthemiddle.docx


Man-In-The-Middle Attack


A man-in-the-middle attack is a cyber-attack in which an attacker secretly intercepts, and possibly alters, messages between two parties who believe they are communicating directly with each other. The attacker sits between them to eavesdrop on or modify the traffic without either side noticing (Bhushan, 2017). It is one of the oldest forms of cyberattack, and computer scientists have been looking at ways to prevent it since the early 1980s.

Why Man-in-the-Middle is dangerous

These attacks are dangerous because the motive behind them may be financial gain, espionage, or plain destruction. The damage can be massive or small, depending on the attacker's goal and skill. With the increased use of open Wi-Fi, the consequences can be serious: a threat actor in a man-in-the-middle position can harvest personal information from the traffic, and can substitute malicious updates for legitimate ones, installing malware on users' mobile devices.

Incident where the attack was used to exploit an organization

A widely cited instance involves Equifax, an American multinational consumer credit reporting agency. In September 2017, Equifax announced a cyber-security breach in which attackers accessed data on approximately 145.5 million US consumers; Equifax confirmed that the credit card numbers of about 209,000 consumers were taken. The breach itself was traced to an unpatched flaw in the Apache Struts framework on a public web application rather than to interception of traffic; the man-in-the-middle exposure came to light in its aftermath, when Equifax's mobile apps were reported to be vulnerable to interception of their connections.

URL and how the attack works

For a man-in-the-middle attack to work, the attacker must be positioned on the path between the two parties so that their traffic can be observed or manipulated. This is achieved either by standing up a network the attacker controls or by interfering with a legitimate one. The attacker first gets onto the victim's network path (Bhushan, 2017); the most common way is to advertise a free, attacker-controlled Wi-Fi hotspot and wait for victims to join it. Once the victim connects, the attacker can read and alter any unencrypted traffic. Encrypted traffic is not automatically exposed: to decrypt a TLS session the attacker must terminate the connection and present a forged certificate, which the client accepts only if it fails to validate the certificate chain and hostname, or already trusts an attacker-controlled certificate authority. A client with such a validation flaw hands the attacker two-way TLS decryption without alerting the user or the application (Callegati, 2009).
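The validation flaw described above is easiest to see in code. The following is an added example, not code from the original document or from Equifax: it contrasts a Python TLS client configuration that accepts any certificate (interceptable by an on-path attacker) with a hardened one, and adds a certificate-pin check. The certificate bytes and the pin are constructed stand-ins for this example; the function names (`insecure_context`, `hardened_context`, `pin_matches`, `connect_pinned`) are assumptions of the example, not a known library API.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Iterable

# Constructed stand-ins for certificate DER bytes (not real certificates).
# A real pin is the SHA-256 of the server's actual DER-encoded certificate.
LEGIT_DER = b"constructed: legitimate server certificate (not a real DER)"
ATTACKER_DER = b"constructed: forged certificate from the rogue hotspot"
LEGIT_PIN = hashlib.sha256(LEGIT_DER).hexdigest()


def insecure_context() -> ssl.SSLContext:
    """Weak client: every certificate is accepted and the hostname is never
    checked, so an attacker on the path can terminate TLS with a forged
    certificate and read the plaintext. This is the flaw described above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be disabled before CERT_NONE is set
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Corrected client: chain validation against the system trust store,
    hostname verification, and no legacy protocol versions."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    """True only if the context validates the chain AND checks the hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def cert_pin(der_cert: bytes) -> str:
    """Pin value: hex SHA-256 of the DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, expected_pins: Iterable[str]) -> bool:
    """Constant-time comparison of the presented certificate against the
    expected pin set (more than one pin allows certificate rotation)."""
    presented = cert_pin(der_cert)
    return any(hmac.compare_digest(presented, p) for p in expected_pins)


def connect_pinned(host: str, port: int, expected_pins: Iterable[str],
                   timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS connection an on-path attacker cannot silently intercept:
    the handshake already fails on an untrusted chain or hostname mismatch,
    and the pin check additionally rejects a certificate issued by any CA
    other than the one the operator expects."""
    ctx = hardened_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    if not pin_matches(tls.getpeercert(binary_form=True), expected_pins):
        tls.close()
        raise ssl.SSLError("certificate pin mismatch: possible interception")
    return tls


if __name__ == "__main__":
    print("insecure context safe?", context_is_safe(insecure_context()))     # False
    print("hardened context safe?", context_is_safe(hardened_context()))     # True
    print("legit cert passes pin?", pin_matches(LEGIT_DER, [LEGIT_PIN]))      # True
    print("forged cert passes pin?", pin_matches(ATTACKER_DER, [LEGIT_PIN]))  # False
```

The pin check is the extra defence against a rogue hotspot that has obtained a certificate from some publicly trusted CA: chain validation alone would accept it, the pin does not. Pin against a set that includes the next certificate before rotating, or the app will reject its own legitimate server.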

The outcome of the attack

Equifax withdrew its mobile apps from the app stores after the apps were reported to be vulnerable to man-in-the-middle interception.

Steps to be taken to prevent this attack from happening again

Equifax should adopt preventive measures. Best practices include using multi-factor authentication wherever possible, maximizing network control and visibility, and segmenting the network (Callegati, 2009). Users should avoid connecting directly to public Wi-Fi, and the organization should manage and protect its TLS certificates and keys so that compromised or expired credentials cannot be exploited. Above all, client applications must validate the server's certificate chain and hostname, and reject any certificate that fails that check, rather than accepting whatever is presented.

References

Bhushan, B., Sahoo, G., & Rai, A. K. (2017, September). Man-in-the-middle attack in wireless and computer networking: A review. In 2017 International Conference on Advances in Communication, Computing and Automation (ACCA) (Fall) (pp. 1-6). IEEE.

Callegati, F., Cerroni, W., & Ramilli, M. (2009). Man-in-the-Middle Attack to the HTTPS Protocol. IEEE Security & Privacy, 7(1), 78-81.