The Growing Threat of Man-in-the-Middle Attacks

By Avalon Siegel
June 16, 2021
10 min

The goal of most cyber criminals is to steal valuable information for users. Attacks can be directed at individual users, famous websites, or financial databases. Although the methodology is different in each situation, the end is always the same. One cyber threat increasingly targeted at mobile phones is what’s known as Man-in-the-Middle (MitM) attacks. Although not new, these are growing in sophistication and frequency.

In most cases, criminals try to insert some type of malware onto the victim’s computer or mobile device. Since this is the shortest route between them and the data they so desperately want. Just as the name suggests, This method introduces an intermediary (the cybercriminal or a malicious tool) between the victim and the source: an online banking page or an email account. These attacks are really effective and, in turn, very difficult to detect by the user, who is not aware of the damage they may suffer.

App developers can block these threats. However, 43% of app developers admit to taking shortcuts that compromise security, in the rush to get to market. Given this, mobile administrators must take strenuous steps to secure their mobile environments.

How do the hackers do it?

These attacks can be launched via various methods. One common one is to create an “evil twin” WiFi network that looks like the legitimate one they’re copying. Another is to take control of a secure network connection, undetected by the mobile and the secure network it’s connecting to.

In a nutshell, these attacks are carried out when a hacker gets between a mobile device and another data source that the mobile is trying to communicate with.

The hacker uses one of two approaches:

They passively monitor the communication and steal information (e.g. passwords).

They secretly intrude on the communications link, controlling it and often injecting malicious software into the mobile and computer(s) involved.

MiTM Attack Variants

In the most common MiTM attack, a WiFi router is used to intercept user communications. This can be done by configuring the malicious router to appear legitimate or by attacking a bug in the router and intercepting the user’s session. In the first case, the attacker configures his computer or other device to act as a WiFi network, naming it as if it were a public network (of an airport or a cafeteria). Afterwards, the user connects to the “router” and searches for banking or online shopping pages, the criminal capturing the victim’s credentials to use them later.

In the second case, a criminal finds a vulnerability in the configuration of the encryption system of a legitimate WiFi and uses it to intercept the communications between the user and the router. This is the more complex method of the two, but also the most effective; since the attacker has continuous access to the router for hours or days. Also, you can snoop around sessions silently without the victim being aware of anything.

Prevention

Generally, it is very difficult to detect when a MitM attack is being suffered, therefore, prevention is the first measure of protection. In order to minimize the risk of becoming the target of such an attack, you should carry out some specific actions:

Access to secure certified websites. (Those that start with HTTPS, checking that the certificate belongs to the corresponding company or entity).
Protect the company’s Wi-Fi network. Securing at least the network in WPA2-AES mode with strong and non-guessable passwords, thus preventing attackers from sneaking into the local network. If it is necessary for clients to connect to a network in your company, enable a guest network with restricted access to the corporate network and company services.
Keep the software of your equipment updated, especially the operating system and the browser.
Use strong passwords and whenever possible enable two-step authentication.
Avoid connecting to open Wi-Fi networks (those that you can find in coffee shops, hotels, airports, shopping centers, neighbourhoods, etc.), in case of connection using a virtual private network or VPN.
In case of connection through public networks without using a VPN (shopping centers, airports, etc.), avoid spreading personal information by connecting to social networks or online banking, among other examples.
Avoid using free VPN networks, as it is unknown who is behind them and how they can use the information.
Avoid opening email links from unknown sources.
Use security software such as antivirus and antimalware on corporate computers and keep it updated, performing frequent scans. In addition, it is also advisable to protect the LAN network through the use of specific security hardware such as Firewalls or mUTMs with IPS / IDS (intrusion detection and prevention), thus improving both the passive and active security of the corporate network.
Keep the software firewall activated in those systems that allow it.
Protect the corporate website with an SSL certificate.

If you or your organization have recently suffered an infection on your computers or work phones, or you suspect that you may have obtained due to strange behaviour, pop-up windows, advertising, etc, we at Cubed Mobile are here to help. With our team of trained cybersecurity professionals, rest assured that your sensitive data can be safe from pesky online criminals or invasive attacks.

Schedule a call with us to establish a secure, data fortress and create the best defense for any course of action!