How Man-In-The-Middle Attack Works

Although the technology that allows the Internet to work has made great strides, to the point of offering a high level of security for buying anything online, we must never underestimate the capabilities of hackers, who can always undermine this security with targeted and very dangerous attacks, made worse by the fact that they are difficult for a novice user to identify and recognize. One of the lesser-known but highly dangerous cyber attacks is the Man-In-The-Middle attack (often abbreviated as MITM attack), a sophisticated type of attack that can make use of malware or social engineering techniques to take control of all the information that passes over our Internet connection, without anyone being able to recognize the attack in progress. So let's see what a Man-In-The-Middle attack is, why it is dangerous and what we can do to stop it.

Man-In-The-Middle Attack: How To Recognize And Avoid It

In the following chapters, we will show you what a MITM attack consists of, what types of attacks we can suffer and what we can do to prevent a hacker from exploiting this advanced attack to steal personal information or sensitive data from our PC or any other device connected to the network.

What is a Man-In-The-Middle Attack

The term Man-In-The-Middle suggests the nature of the attack: a hacker intrudes on the network communication between two parties, without their realizing it, in order to intercept it.

Once this type of attack has been launched, the hacker can monitor the web pages we open in the browser, listen to chat conversations or video calls, intercept home banking pages and steal passwords for Facebook or other sensitive sites.

Types of MITM Attacks

This type of attack can be carried out using various techniques, which the hacker will choose based on the vulnerabilities of the devices in use and the type of device the victim uses:

  • Man in the browser: one of the most powerful and effective attacks. With this type of attack, the hacker infects the victim’s PC with targeted malware, which takes control of some browser functions. When we suffer this attack, all the web pages opened in the infected browser are sent to the attacker, including the home banking or login pages (which will be modified and altered without the browser reporting anything abnormal).
  • DNS spoofing: another very advanced technique, which modifies the way our device requests web pages on the Internet. When we connect to the Internet and type the name of a site in the browser, the latter contacts the DNS servers in use (which work like a telephone directory) in order to obtain the right IP address associated with the name entered; a computer affected by DNS spoofing will display fake pages, even if we correctly type the name of the site we want to reach (home banking sites and social sites such as Facebook are targeted).
  • IP spoofing: one of the oldest, but still effective attacks. The attacker enters the local network and makes the connected devices “believe” that his device is the “router”: in this way all the data passing through the network will reach his device (usually a modified router or a particularly powerful PC), where it can be analyzed (via a simple network sniffer).
  • ARP spoofing: this attack works in a similar way to the IP spoofing attack: the hacker breaks into the local network and poisons the ARP requests, which allow devices to recognize each other within the network. Once ARP is poisoned, all the data on the network will pass through the attacker's computer, which can then inspect and read all the data exchanged (including that of the login pages).

There are also other MITM techniques, but these are undoubtedly the best known and are still used today to carry out attacks of this type.
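
A defensive check for the ARP spoofing case described above, as an added example that is not part of the original article: it compares two snapshots of the Linux `ip neigh` neighbour table and flags a changed gateway MAC address or one MAC address answering for several IP addresses. The sample tables, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample data (made-up addresses): two `ip neigh` snapshots.
BEFORE = """\
192.168.1.1 dev wlan0 lladdr 02:aa:00:00:00:01 REACHABLE
192.168.1.23 dev wlan0 lladdr 02:aa:00:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr 02:aa:00:00:00:2a REACHABLE
192.168.1.77 dev wlan0  FAILED
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr 02:aa:00:00:00:2a REACHABLE
192.168.1.23 dev wlan0 lladdr 02:aa:00:00:00:17 STALE
192.168.1.42 dev wlan0 lladdr 02:aa:00:00:00:2a REACHABLE
"""
NEIGH_RE = re.compile(  # IPv4 entries that carry a MAC address (lladdr)
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac}; entries without a MAC (FAILED, INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def arp_findings(before, after, gateway):
    """Compare two snapshots and return (kind, subject, detail) tuples."""
    old, new = parse_neigh(before), parse_neigh(after)
    findings = []
    # The router's MAC normally stays the same; a change means another
    # device now answers for the gateway IP (or the router was replaced).
    if gateway in old and gateway in new and old[gateway] != new[gateway]:
        findings.append(("gateway-mac-changed", gateway,
                         f"{old[gateway]} -> {new[gateway]}"))
    # One MAC answering for several IPs is typical of a poisoned table,
    # but also occurs legitimately (multi-homed hosts, proxy ARP).
    by_mac = defaultdict(list)
    for ip, mac in new.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate-mac", mac, ", ".join(sorted(ips))))
    return findings

if __name__ == "__main__":
    print(arp_findings(BEFORE, AFTER, "192.168.1.1"))
```

Either finding is a reason to investigate, not proof of an attack: compare the reported MAC address with the one printed on the router's label before drawing conclusions.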

How to recognize and avoid MITM attacks

Recognizing and intercepting a MITM attack can be a difficult undertaking, even for a user who considers himself an IT expert; this is because the sites will work as usual, the browser will not report anything, and no antivirus is able to check whether the network data arrives at its destination without having passed through other devices or through well-studied deceptions. Most people only realize they are under attack after identity theft, account theft, or the disappearance of large sums of money from checking accounts.

To avoid any kind of Man-In-The-Middle attack it is advisable to follow these simple rules:

  • We use a VPN: we may use a VPN to protect ourselves, particularly when connecting to public Wi-Fi hotspot networks. By doing so, we will neutralize the interception of data, since even in the case of MITM all connection data is encrypted, effectively making this type of attack useless. To learn more we can read our guide "How to choose a secure VPN that does not spy and does not share data".
  • Let’s check SSL certificates: when we connect to a sensitive site (home banking, Facebook, or Amazon for example), we check that the SSL security certificate is valid and certified by a third party. If we get errors on the SSL certificate on one of the sensitive sites, we immediately close the connection and try again from another PC, perhaps under VPN.
  • We update the operating system and browser: keeping our operating system and browser up to date will make us less vulnerable to malware and exploits and consequently to MITM attacks.
  • We avoid using public networks for sensitive data: home banking or accessing credit card data are dangerous operations to do in public, so it is better to wait to get home or to be connected to a secure Wi-Fi.
  • We enhance the security of our local network: we try to use a powerful router that is difficult to “poison”, we always use WPA2 on all active Wi-Fi networks, turn off WPS and choose a hard-to-guess password for the wireless network.
  • We choose a powerful antimalware: many paid antimalware products also have local network control modules, so they can intercept MITM attacks before they can do any damage. To learn more, we recommend that you read the guide "Download paid antivirus: free trials and updates".

Conclusions

With Man-In-The-Middle attacks, don’t mess around at all: they can lead to very serious damage, especially if our bank details or access data for a site are intercepted. The best hackers are able to carry out very effective MITM attacks, but even law enforcement often uses this attack to intercept communications from criminals and terrorists. If we do not belong to these two categories it is sufficient to follow the rules seen above to avoid most of the Man-In-The-Middle attacks.

Other useful tips to avoid this type of cyber attack and to avoid having to deal with malware can be found in our guides "Defend against social engineering techniques to steal personal data and scam" and "Recognize fake, scam, non-genuine emails".