A man-in-the-middle attack is not just in the movies
- jane09855
- Aug 21

It’s the classic movie plot – the criminal intercepts communications, monitors activities, and injects false information causing untold damage. While these portrayals often seem like Hollywood magic, the reality is that such attacks are very real and are known as man-in-the-middle (MitM) attacks.
So, exactly what is a man-in-the-middle attack?
A MitM attack can target any business, organisation, or person if there is a perceived chance of financial gain by cybercriminals.
It occurs when an attacker positions themselves between two communicating parties to intercept or alter the data being exchanged. By doing so, the attacker can impersonate one of the parties, making it appear as if the interaction is authentic while stealing or manipulating information.
MitM attacks can target conversations between clients and servers or users and applications. For example, imagine your postman opens your bank statement, steals your account details, reseals the envelope, and delivers it to you as if nothing happened. This is analogous to what happens in a MitM attack.
Hackers can use MitM attacks to eavesdrop on communications, steal personal information (like credit card numbers or login credentials), or impersonate one of the parties involved. Typical targets include users of e-commerce sites, SaaS businesses, financial applications, and other websites requiring login credentials.
Detecting a man-in-the-middle attack
MitM attacks are designed to be subtle, making them difficult to detect. However, there are several red flags to watch for:
1. Frequent, random disconnections: While this can be due to various issues, if you experience frequent disconnections and have ruled out other causes, it might be an indication of a MitM attack.
2. Fake websites: Cybercriminals create false websites to make their attacks appear legitimate. Look for subtle differences in logos, colours, fonts, or URLs (e.g., https:// vs. http://).
3. Slow loading times: If a site or app you’ve previously visited takes unusually long to load and you know there are no issues with your internet provider, it could be a sign of a MitM attack.
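The URL red flag in point 2 can also be checked automatically. The Python below is an added example, not part of the original article; the allow-list, the host names and the flag labels are constructed for illustration. It only compares a link against sites you already trust, so a completely unrelated fake site is not flagged.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites you really use (reserved .example names).
TRUSTED_HOSTS = {"mybank.example", "shop.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str, trusted=TRUSTED_HOSTS) -> list:
    """Return red flags for a URL; an empty list means none were found."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")  # traffic can be read or altered in transit
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-hostname")  # may render as look-alike letters
    if any(host == good or host.endswith("." + good) for good in trusted):
        return flags  # the trusted site itself or one of its subdomains
    for good in sorted(trusted):
        if good in host:
            flags.append("embeds-trusted-name:" + good)
        elif edit_distance(host, good) <= 2:
            flags.append("lookalike-of:" + good)
    return flags


if __name__ == "__main__":
    for sample in (  # constructed sample URLs
        "https://mybank.example/login",
        "http://mybank.example/login",
        "https://rnybank.example/login",
        "https://mybank.example.login-check.test/",
    ):
        print(sample, "->", check_url(sample) or "no red flags")
```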
Protecting yourself from man-in-the-middle attacks
Awareness is the first step in protecting yourself from MitM attacks. Here are some strategies to stay safe:
1. Phishing attacks: Stay vigilant and never give away personal information online. Be cautious of emails, texts, or calls asking for sensitive information. Learn more about phishing scams and how to avoid them.
2. Unprotected routers: Ensure your router and cable modem are not a single device, change default administrative credentials, use the 5-GHz band for Wi-Fi, and disable unnecessary features like HNAP, UPnP, SSH, Telnet, and PING.
3. Web server attacks: Keep your operating system updated, avoid public Wi-Fi networks, use the latest antivirus software, and regularly back up your data.
4. Public networks: Always use a VPN when connecting to public Wi-Fi to encrypt your connection and protect your data from potential eavesdroppers.
By following these steps and staying vigilant, you can significantly reduce your risk of falling victim to a man-in-the-middle attack.
Need further support?
The Cyber Resilience Centre for Wales (WCRC) is here to help. We tailor our guidance and support towards those with limited cyber knowledge to help break down any barriers that may prevent businesses from improving their defences.
So, if you’d like to increase the protection of your small business, the WCRC offers a free membership option, which helps decision makers understand the most common cybercrime risks. We also provide affordable services, or you can get in touch with a member of our team.







