What is a “Man in the middle” attack and how to prevent it
It is present in all sectors, and I am almost sure that you have heard about it on more than one occasion. A “Man in the middle” attack, more commonly known as an intervention attack, is a cyber attack in which a hacker intervenes in communications between two people, sender and receiver, in order to intercept the message and modify it without anyone visibly noticing. Its equivalent in the offline world would be a postman modifying a letter before delivering it to its recipient.
In these cases, cybercriminals most often create a malicious network that impersonates a secure network and intervene in all communications that pass through it. Once the victims connect to that network, the cybercriminals have total control over their communications and can intercept them, modify them and send them on to their recipient, which makes this one of the most difficult cybercrimes to detect. With other malware, for example, the victim can detect at a glance that they have been attacked; in the case of “Man in the middle”, it can take weeks before the attack is detected. One example: a few years ago, hackers used this method to steal 1 million euros from an Israeli startup and, as a consequence, bankrupted it. The attackers intercepted the communications between the venture capital firm and the startup, managed to cancel a face-to-face meeting between the two, and modified the account number, attached to an email, for the transfer of the funds. The venture capital firm paid the amount into a fake account controlled by the hackers, thinking it was the startup’s.
In Spain we also have several cases. For example, last year, through this technique, some hackers managed to steal 1 million euros from the Seville City Council. In this case, the City Council reported the theft several weeks later, when they realized what had happened.
There are several types of “Man in the middle” attack, including: attacks based on DHCP or DNS servers (attackers use a computer as if it were a DHCP server on a local network); ARP cache poisoning (a hacking technique used to infiltrate a network in order to sniff the packets that pass through the LAN, modify the traffic or even cause a denial of service); simulation of a wireless access point; Man-in-the-browser (a Trojan that, after infecting a machine, is capable of modifying web pages, content or transactions in a way that is invisible to both the user and the web server); and human-assisted attacks (attack patterns that are not purely automatic but are controlled by one or more attackers in real time).
But can it be avoided?
In these cases, the most important thing is prevention: it is vital to provide any organization with a computer security scheme so that it does not become an easy target for cyber attackers. Currently, 93% of cyberattacks come via email, so it is very important to use a secure channel for the exchange of company information in order to avoid this type of situation.
It is imperative that any file is sent with end-to-end encryption, to ensure that the genuine version of the file is available and that no one else is behind the communications. The encrypted transfers are subsequently identified with a unique checksum that is validated on departure and receipt to ensure that the content has not been modified.
A checksum is a verification sum obtained from a data source; it is used to verify that the file that we have downloaded maintains its original identity.
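The following sketch of validation on departure and receipt is an added example, not code from the article or from any product it mentions. It goes one step beyond the text by comparing a plain SHA-256 checksum with a keyed one (HMAC-SHA256): a plain checksum that travels with the file can be recomputed by whoever modified the file, while the keyed one cannot. The function names, the sample messages and the shared key (assumed to have been exchanged over a separate channel) are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Plain checksum: anyone who can change the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """Keyed checksum (HMAC-SHA256): recomputing it requires the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def send(key: bytes, data: bytes) -> dict:
    """Sender side: compute both values on departure."""
    return {"data": data, "sha256": sha256_hex(data), "hmac": hmac_tag(key, data)}


def verify_on_receipt(key: bytes, msg: dict) -> dict:
    """Receiver side: recompute both values and compare in constant time."""
    return {
        "sha256_ok": hmac.compare_digest(sha256_hex(msg["data"]), msg["sha256"]),
        "hmac_ok": hmac.compare_digest(hmac_tag(key, msg["data"]), msg["hmac"]),
    }


def tamper_in_transit(msg: dict, new_data: bytes) -> dict:
    """Models an in-path change: the data and the plain checksum are replaced,
    but the HMAC cannot be regenerated without the key, so the old one stays."""
    return {"data": new_data, "sha256": sha256_hex(new_data), "hmac": msg["hmac"]}


# Constructed sample data; the key is assumed to be shared out of band.
KEY = secrets.token_bytes(32)
ORIGINAL = b"Pay to account: ES00 0000 0000 0000 0000 0001 (constructed)"
MODIFIED = b"Pay to account: ES00 0000 0000 0000 0000 9999 (constructed)"

if __name__ == "__main__":
    sent = send(KEY, ORIGINAL)
    print("untouched:", verify_on_receipt(KEY, sent))
    print("modified: ", verify_on_receipt(KEY, tamper_in_transit(sent, MODIFIED)))
```

For the modified message the plain checksum still matches while the keyed check fails, which is why the integrity value has to depend on a secret the party in the middle does not hold.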
In short, the main thing in these cases is to work with a secure channel, where any cyber threat is completely eliminated, thanks to the company’s advanced security policies.
By Eli Bernal, VP Global Sales & Innovation at transfer