What Is A Man-in-the-Middle Attack And Can You Prevent It?

Written by Jonathan Hunt

29 May, 2019

There is a form of cyber attack doing the rounds called a man-in-the-middle attack, or MITM for short. Many companies have been hard-hit by it, losing substantial amounts of money as a result. However, it is not just companies getting hit by this specific type of cyber attack; individuals are targeted too, for example when a cyber criminal compromises a public Wi-Fi network. So, what is a man-in-the-middle attack? Let’s imagine a scenario where your company owes money to one of your suppliers for services or stock they supplied. You receive an email with the invoice and pay it on time. However, after a few weeks, the supplier calls you to ask why you haven’t paid the bill; you reply that you have already transferred the money, but their bank statement says otherwise.

So what happened?

A hacker intercepted the invoice and changed, rather cleverly, only the bank account details (keeping the amount the same) before forwarding the invoice on to you, its intended recipient. The email looked exactly as you expected and appeared completely legitimate, so you paid the money, unwittingly transferring it into the wrong account. This is known as a man-in-the-middle attack (MITM).

How does a hacker intercept an email?

In order to intercept the email, the hacker first needs to get man-in-the-middle malware onto a machine in the email path (malware, short for malicious software, is a term that refers to intrusive software). The hacker does this by installing a trojan (a malicious computer program which misleads users about its true intent) to open a backdoor and then deliver the MITM malware through it. The malware can be automated to search outgoing invoices for bank account details and overwrite them with the hacker’s details. Alternatively, it can divert the email to the hacker, who manipulates the invoice by hand before sending it on.

Are there any symptoms of MITM?

Man-in-the-middle malware can be very difficult to detect once it is in place, so the best strategy is to block the initial trojan that lets the hacker install it. Backdoor trojans are often spread via:

  • Scam/spoof emails or their attachments
  • Fake Java or Adobe updates
  • Fake online virus scanners
  • Fake online system tools that promise to speed up your computer
  • Keygens, cracks and unofficial patches for games or other premium software.

How can you prevent a Man-in-the-Middle attack?

1. Make sure your Wi-Fi connection is secure

A man-in-the-middle attack is often launched through a compromised Wi-Fi router. To prevent this, make sure your Wi-Fi router uses WPA2 encryption and replace the default password with a strong one of around 20+ characters. Public Wi-Fi is not secure enough for banking.


2. Do not visit non-secure sites

If a pop-up message warns you that the site’s certificate has a problem, don’t visit the site. It’s not worth the risk: it could be a spoofed site, or a legitimate site that has been compromised with malware. Be sure to check that the URL of a website starts with HTTPS rather than just HTTP (the ‘S’ stands for ‘secure’).

3. Make sure your computer is secure

Keep your operating system, applications, and antivirus patched and up to date, and make sure this applies to all your devices. Ensure malware protection is installed and up to date, and disable Autorun on all drives (Control Panel > AutoPlay, then select “Take no action” for everything). A strong login password is also vital: a 10-character minimum, mixing letters, numbers and symbols. Run regular virus scans, and make sure that all firewalls are up to date and have had their default passwords changed. On top of this, set up 2-step verification on all your key accounts, such as your main email account and all bank accounts.

4. Phone before making payment, confirming the amount AND the account details

Before making any bank transfer requested by email, phone the supplier to check both the amount and the account details. To confirm account numbers over the phone, use the same technique banks use: confirm the 3rd, 4th, 6th and 8th digits rather than reading out the entire number. When phoning, do not use the phone number displayed in the email, as the hacker could have changed that too; use the phone number from your own records or from the supplier’s company website instead.
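To show what the step 4 check looks like when it is written down as a procedure rather than done by hand, here is an added example (not code from the original article) that parses the bank details out of an invoice email, compares them against a supplier register recorded at onboarding time rather than taken from any email, and builds the partial-digit phone challenge the article describes. The supplier name, sort codes, account numbers and invoice bodies are all constructed sample data, and the invoice layout the parser expects is an assumption.

```python
"""Added example, not from the original article: reconcile an emailed invoice's
bank details against a trusted supplier register, and prepare the 3rd/4th/6th/8th
digit challenge for the confirmation phone call. All data below is constructed."""
import re
from dataclasses import dataclass

# Constructed sample supplier register: details captured when the supplier was
# onboarded, independently of any email. Hypothetical name and numbers.
SUPPLIER_REGISTER = {
    "Acme Stationery Ltd": {"sort_code": "12-34-56", "account": "12345678"},
}

# Positions from the article: confirm the 3rd, 4th, 6th and 8th digits (1-based).
CHALLENGE_POSITIONS = (3, 4, 6, 8)


@dataclass
class Invoice:
    supplier: str
    amount: str
    sort_code: str
    account: str


# Assumed invoice layout: one "Field: value" line per field.
INVOICE_PATTERN = re.compile(
    r"Supplier:\s*(?P<supplier>.+?)\s*\n"
    r"Amount:\s*(?P<amount>[£$€]?[\d,]+\.\d{2})\s*\n"
    r"Sort code:\s*(?P<sort>\d{2}-\d{2}-\d{2})\s*\n"
    r"Account:\s*(?P<account>\d{8})",
    re.IGNORECASE,
)


def parse_invoice(text: str) -> Invoice:
    """Extract supplier, amount and bank details from the invoice body."""
    m = INVOICE_PATTERN.search(text)
    if not m:
        raise ValueError("invoice body did not match the expected layout")
    return Invoice(m["supplier"].strip(), m["amount"], m["sort"], m["account"])


def check_against_register(inv: Invoice) -> list[str]:
    """Return a list of discrepancies; an empty list means the details match."""
    known = SUPPLIER_REGISTER.get(inv.supplier)
    if known is None:
        return [f"supplier '{inv.supplier}' not in register"]
    problems = []
    if inv.sort_code != known["sort_code"]:
        problems.append(f"sort code changed: {known['sort_code']} -> {inv.sort_code}")
    if inv.account != known["account"]:
        problems.append(f"account changed: {known['account']} -> {inv.account}")
    return problems


def challenge_digits(account: str, positions=CHALLENGE_POSITIONS) -> dict[int, str]:
    """Digits of the emailed account number to ask the supplier to confirm,
    keyed by 1-based position, so the whole number is never read out."""
    return {p: account[p - 1] for p in positions}


def verify_challenge(account: str, answers: dict[int, str]) -> bool:
    """True when every digit the supplier gave matches the emailed account."""
    return all(account[p - 1] == d for p, d in answers.items())


# Constructed sample invoices: the genuine one and a tampered copy where only
# the bank details differ, exactly as the article describes.
GENUINE = ("Supplier: Acme Stationery Ltd\nAmount: £4,250.00\n"
           "Sort code: 12-34-56\nAccount: 12345678\n")
TAMPERED = ("Supplier: Acme Stationery Ltd\nAmount: £4,250.00\n"
            "Sort code: 65-43-21\nAccount: 87654321\n")

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE), ("tampered", TAMPERED)):
        inv = parse_invoice(body)
        problems = check_against_register(inv)
        print(label, "OK" if not problems else problems)
        print("  digits to confirm by phone:", challenge_digits(inv.account))
```

Running the script flags the tampered invoice on both the sort code and the account number while the amount still matches, which is why a check on the amount alone would not catch this. The register lookup is the automated part; the phone call, using a number from your own records, is still what confirms the digits.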

Download our Cyber Security e-Booklet

If you require any further help with preventing cyber attacks such as MITM, you can download our cyber security e-booklet here. If you feel you or your staff members could benefit from some extra cyber security training, or would like to book a security assessment, call us on 0330 202 0220 or fill out our contact form.