A wristwatch. A Mont Blanc pen. A Fabergé egg. James Bond had a range of tools in his arsenal of gadgets for tracking, tracing, and wiretapping. And though his devices were all stealthily concealed as harmless everyday items, they were usually in plain sight. Not so today. Spying has now become a high-tech scheme with incredibly high stakes. And often, we're not even aware it's happening.
The term cyberattack isn't new to most of us. Way back in the 20th century, we were already familiar with Trojan malware and relied on antivirus software to protect our data and computing systems. However, as our devices have become more powerful and mobile, they have also become a gateway to much more critical and sensitive data and information. This has made them an evermore appealing target for cyberattacks. And while security technology has gotten more sophisticated, so too have hackers.
How are hackers attacking us?
Cyberattacks infiltrate our computing systems, networks, infrastructures and mobile devices in a variety of ways. However, the main goal is always the same: to pilfer data, manipulate users, delete information, or destroy entire information systems. We saw this recently as many hospitals were infected with ransomware demanding money to restore vital medical systems and patient data. In this case, though the goal was financial, private data was compromised, and healthcare was jeopardized in the process.
Though ransomware is one of the most prevalent forms of attack, there are countless forms of cyberattacks to be on the lookout for. One of the most deceptive is the man-in-the-middle attack (MITM). In this attack scenario, the hacker intercepts communications, rather than actively hacking security software, by getting in the middle of users and the content (email, platform, bank account) they're trying to access. These attacks are tricky and difficult to detect because they often involve fake user interfaces (e.g. login pages) that nearly mirror the real user interface channels. So users don't even suspect that they're providing personal details and login credentials to an unauthorized third party.
Different methods for MITM attacks hinge on the level of access hackers have to the computer systems they want to attack. Here are some standard techniques:
In these scenarios, hackers take advantage of the security risks posed by unprotected public LANs and WiFi networks to control how IP addresses are assigned. This allows hackers to read and direct incoming and outgoing computer traffic, meaning they can see a user's communications and communicate while pretending to be the user.
DNS cache poisoning:
When you type a website URL into your Internet browser (e.g.
nevis.net), you initially make contact with the website's DNS server. Since your computer reads numbers and not letters, the DNS server provides an IP address (numerical), so your computer can access the website. These IP addresses are stored in a DNS cache. By infiltrating this cache and altering IP addresses (simply changing a few numbers in the address), hackers can redirect Internet traffic to any given website, including a fake version of the website a user is attempting to access.
Session hijacking:Every time you log into a website, that website provides your device (computer/mobile phone) with a token, which is used to identify your device (and you) for the duration of the session. As soon as you log out, this token is no longer valid. However, when hackers hijack your (logging) session, they use, e.g. malware, to steal this token. At this point, the hacker can simply pretend to be you.
Protecting against MITM attacks
MITM attacks are an incredibly effective way to gain unauthorized access to data, mainly because they are challenging to uncover. There are some good indicators that you may be a victim of a MITM attack:
- Unusually slow loading times.
- Unanticipated and continuous interruptions to service or disconnections.
- Unusual URLs in your browser address bar (e.g. HTTP instead of HTTPS)
However, even these indicators aren't always present or even obvious unless you are hypervigilant. As such, identity security is contingent on avoiding MITM attacks in the first place.
But what can you do to prevent Man-in-the-Middle (MITM) Attacks?
As a website operator
the best preventive measure is always information. Keep your customers informed about how you DO NOT request data, i.e. via email links or SMS prompts. This will prevent them from inadvertently communicating with hackers posing as their service providers. However, adding extra layers of security like multi-factor authentication, including biometric indicators, will make it harder for hackers to get in the middle of you and your customers.
WebAuthn is particularly proven against MITM attacks. WebAuthn (Web Authentication) is an open web standard developed by the W3C (World Wide Web Consortium). It uses a public-key cryptosystem to secure authentication and prevent man-in-the-middle attacks. When a user logs on to an online service provider and uses WebAuthn for authentication, the user generates a pair of public and private keys. The private key is never sent to or stored on the server but is always on the user's device.
As an Internet user
you can take your security into your own hands by always ensuring that you are running the most updated version of your web browsers and operating systems, which include the latest security patches and bug fixes. Try not to use public WiFi connections. However, if you need to use them, don't provide sensitive information or make monetary transactions. Activate multi-factor authentication if your service provider offers it. And be smart about the links you open.
Ultimately, it is up to both users and service providers to take the necessary precautions to keep data secure and out of the wrong hands.