A Man in the Middle attack can be fatal for a company. These are sophisticated attacks that target potentially valuable data. Businesses are particularly affected by this threat, which moves noiselessly and can ruin their operations. Interview with Vincent Meysonnet, Manager of Sales & Engineering, & Content Specialist, Bitdefender France.
(Featured Image: Vincent Meysonnet, Manager of Sales & Engineering, & Content Specialist, Bitdefender France / Image Credit © Bitdefender)
What exactly is a Man in the Middle attack?
The principle itself is nothing new: it is the interception of communication between two systems. This type of attack can be used to eavesdrop on a conversation, spy on exchanges, retrieve information and even modify that information while it is in transit between the sender and recipient.
Can the attack happen within a secure communication channel?
Man in the Middle threats have adapted to modern communication. In 2016, for example, they exploited a flaw in the standard WPA (Wi-Fi Protected Access), which is supposed to secure Wi-Fi connections. This flaw was corrected with the arrival of WPA2, the TKIP and AES protocols, but it still runs on WPA.
How does it happen when connected to Wi-Fi?
In the case of “spoofing,” the user is invited to connect to the Wi-Fi network via a page spoofing the identity of the service provider. From this page, attackers can suck up all data from the connected device. Another technique is to attract as many devices as possible to the intercepted network. To do this, hackers connect to the original access point and redistribute the amplified network.
Can you perceive these attacks in the moment?
Nope. They are totally silent. Users will not notice that their communication is being intercepted. The only clue might be a slowing of the connection when the data is modified before arriving safely.
Are there any precautions we can take?
The use of a security certificate is one. It encrypts the data and only the recipient has the key to unlock it. If this key has been changed during the transfer, the user will be automatically alerted.
At Bitdefender we also offer a feature in our firewall called “Wi-Fi connection monitoring.” It traces the communication from its source to its destination. If an element appears between the two, it is the sign of a Man in the Middle.
Are these attacks just as effective on wired networks?
These attacks are found on all communication protocols. Hackers know how to hijack computer ports connected to the Ethernet. They also know how to modify IP address matches by sending out invitations through Domain Name System (DNS) servers. The most vulnerable protocol is HTTP; it is more complicated on HTTPS sites.
You say that the risks can be fatal for a company. How so?
Without revealing names, I can tell you about the case of a company producing mechanical parts in the automotive sector that lost everything after a Man in the Middle attack: client portfolios, revenue and strategic partners. These threats compromise patents and manufacturing secrets.
What are your recommendations?
Monitor all protocols and combine multiple layers of protection to reduce the scope of possible infections. Above all, never forget to be very careful before using a Wi-Fi hotspot. This is where threats thrive.
Interview by D.S.