How to detect a Man-in-the-middle attack?

What is a Man-in-the-middle attack?

A Man-in-the-Middle (MITM) attack diverts a user's connection, and the private data carried over it, from the legitimate party to an illegitimate third party. The most common targets of such attacks are:

  • E-commerce websites
  • Bank websites
  • SaaS companies

The attacker aims to redirect a user from a genuine website to a fraudulent one, built to convince the victim to enter personal or login information. In recent years, attackers have become skilled at building convincing fake websites that closely match the original. That means even experienced users fall into the trap of MITM attacks. For instance, the victim believes they are logging into their bank account or buying a product, but in reality they are handing sensitive data to the criminal. Being watchful and careful is therefore absolutely necessary.

There are many techniques a MITM attacker can use to steer a user to a fraudulent website. One of them is malware: malware installed on a device or browser can collect the information a user enters on a website, even if the connection itself is protected.

How to protect yourself?

  • Unsafe hotspots – Free Wi-Fi can be very useful, yet it carries a major safety risk. If you must use a public hotspot, be careful and use it only for casual purposes; avoid entering sensitive information.
  • Make sure you connect to HTTPS – Plain HTTP connections are less secure than HTTPS. Also avoid HTTPS websites for which your browser shows a certificate mismatch warning. That warning typically appears when the site's certificate or settings are not configured correctly, and it is better to stay safe.
  • Activate a firewall to protect yourself from malware – Install and use antivirus software, and activate a firewall on your device as well; both help keep you safe from attack. Many Man-in-the-Middle attacks involve installing malware on the target's device.
  • Change the admin password on the router – Most current routers are internet-connected. For that reason, change the admin username and password so that attackers cannot get access to the router's settings.

What are the signs?

Man-in-the-Middle attacks are quite difficult to detect. However, they do leave traces in otherwise normal network activity, some of which cybersecurity professionals and even everyday users can notice. Unfortunately, the general practice is still to prevent them rather than detect them.

Here are some of the signs to look for in case a Man-in-the-Middle attack is initiated on your network.

  • Sudden and/or repeated disconnections – Attackers often forcefully disconnect users in order to intercept the username and password while the victim attempts to reconnect. For that reason, it is a good idea to monitor for sudden or repeated disconnections, so you can flag this potentially unsafe activity early.
  • Unusual addresses in your browser address bar – If anything in an address seems strange, even something small, double-check it; it could be a DNS hijack. For instance, seeing go0gle.com instead of google.com is a sure sign.
  • You log into public and/or unsafe Wi-Fi networks – Be very cautious when connecting to any network, and avoid public Wi-Fi as much as possible. Attackers set up fake networks with familiar-sounding names such as “local wireless” to trick people into connecting. Once you connect to a Wi-Fi network created by the attackers, they can easily see everything you send over it.
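One way to automate the "unusual address" check above, as an added example that is not code from the original post: a small Python checker that compares the hostname of a URL against a short list of trusted domains, normalising common look-alike characters (0 for o, 1 for l, rn for m) and flagging near misses by edit distance. The trusted list, the look-alike map, the "last two labels" domain rule and the sample URLs are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Character swaps attackers commonly use to imitate a trusted name (constructed, illustrative).
LOOKALIKES = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w"}


def normalize(domain):
    """Undo common look-alike substitutions so go0gle.com compares as google.com."""
    for fake, real in LOOKALIKES.items():
        domain = domain.replace(fake, real)
    return domain


def registered_domain(host):
    """Keep only the last two labels (assumption: no public-suffix handling, e.g. .co.uk)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def edit_distance(a, b):
    """Levenshtein distance: how many single-character edits turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_address(url, trusted):
    """Return (verdict, matched_trusted_domain) for the hostname in url."""
    host = urlsplit(url).hostname or ""
    if not host:
        return ("unknown", None)
    domain = registered_domain(host)
    if domain in trusted:
        return ("trusted", domain)
    for t in sorted(trusted):
        if normalize(domain) == t:
            return ("lookalike", t)          # e.g. go0gle.com vs google.com
        # Short domains can collide within 2 edits (bing.com / ping.com): treat as a prompt to look, not proof.
        if edit_distance(domain, t) <= 2:
            return ("near-miss", t)
    return ("unknown", None)


if __name__ == "__main__":
    for u in ["https://accounts.google.com/signin", "https://go0gle.com/signin", "https://gooogle.com/"]:
        print(u, "->", check_address(u, {"google.com"}))
```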

Suggested article: How to protect against DNS poisoning?

Author: Dominic
