Defending Yourself from a Man in the Middle Attack
With your latte in hand, you log on to the free Wi-Fi hotspot in your favorite coffee shop with your laptop, ready to browse, chat or maybe even get some work done — but there's someone invisible there with you. You can't see who it is, but this unwanted and unwelcome gatekeeper stands between you and safe use of the internet, social media or email. This entity sees everything you see and is biding its time — ready to strike.
Sounds scary, right? The Man in the Middle attack is initiated by hackers who intercept email, internet browsing history and social media to target your secure data and commit criminal acts. Unlike phishing scams that require you to actively — although unknowingly — relax your guard and open your defenses, a passive man in the middle attack takes place without you ever knowing you were hacked.
It affects individuals and businesses of every scale. Nobody is off limits. In 2015, a major operation carried out by Europol snared 49 members of a hacker group responsible for targeting victims all over Europe. Their methods involved the use of hacking and social engineering techniques to insert themselves into trusted communications between companies and their customers. Once inside that loop, they monitored communications and tricked unsuspecting victims into sending payments to the criminals' bank accounts.
Attack Methods
Although the huge increase in free wireless hotspots and faster broadband speeds has made our lives much more connected, it has also provided a potential bonanza for those who want to eavesdrop or intercept online activity.
One popular method of attack is for hackers to set up a bespoke Wi-Fi connection. Think about sitting in your favorite bookshop and opening your Wi-Fi settings to connect to the free network. Are all the available networks on the list legitimate Wi-Fi networks that belong to the business, or could some of the options belong to a hacker?
This is a critical question to ask because once you connect to a bogus network, a hacker gains instant access to your device. Hackers can easily create fraudulent Wi-Fi access points that allow them to gain access to the personal information of everyone who attempts to connect.
Email hijacking involves hackers targeting email accounts and eavesdropping on communications. Once they infiltrate this closed system, they can send spoof emails — messages that appear legitimate — requesting everything from money transfers to financial data and passwords. This can be especially problematic when upper level company executives are sent fake — but seemingly authentic — requests for money transfers.
One of the most common types of attack is session hijacking, where the hacker gains control of your browser cookies, which are small pieces of data that store website information when you're browsing. With this access, the hacker can steal a range of data, from your login credentials to the personal details in pre-filled web forms.
Protecting Yourself
Most importantly, always make sure you're browsing securely. By encrypting the traffic between the network and your device using browsing encryption software, you can help fend off potential man in the middle attacks.
Always make sure the sites you're visiting are secure. Most browsers show a lock symbol next to the URL when a website is secure. If you don't see this symbol, check to see if the web address is preceded by "https." The "S" stands for secure, and this ensures your data won't be open to hacker interception.
Using a firewall is also a reliable way to help defend your browsing data. Although it's not foolproof, a firewall provides an extra layer of security when you're using public Wi-Fi. If you browse public Wi-Fi often, it's prudent to set up a virtual protected network (VPN). This type of network secures your traffic and makes it much more difficult for hackers to intercept it.
Keep your security solution software up to date. Cybercriminals won't stop adapting and honing their craft—and neither should the good guys. By ensuring your security solution is up to date, you always have access to the latest cutting-edge tools to keep a watchful eye on your online activity for safe, fun, secure browsing.