Topics In Demand
Notification
New

No notification found.

BE CYBERSAFE - FIGHT MITM(MAN IN THE MIDDLE ATTACK)
BE CYBERSAFE - FIGHT MITM(MAN IN THE MIDDLE ATTACK)

April 29, 2022

230

0

Man-in-the-Middle Attacks

A man in the middle (MITM) attack occurs when a perpetrator inserts himself into a communication between a user and an application, either to listen in or to mimic one of the parties, making it appear as if a normal information exchange is taking place.

An attack's purpose is to steal personal data such as login credentials, account information, and credit card numbers. Users of financial apps, SaaS enterprises, e-commerce sites, and other websites that require signing in are typical targets.

Types of Man-in-the-Middle Attacks

  • Email snooping

Threat actors hack victims' email accounts and listen in on their email chats in email hijacking. Phishing lures, such as social engineering approaches, are also used by email hijackers to gain sensitive information or inject malware by impersonating an authorized individual.

  • Spoofing Attacks on IP Addresses

Hackers establish a fake IP address source to impersonate another computing machine in an IP spoofing or IP address spoofing attack to break into a network and covertly monitor the activity. To initiate Denial of Service (DoS) assaults, threat actors usually use IP spoofing tactics.

  • Hijacking a Session

Session hijacking, also known as cookie hijacking, is a method of gaining unauthorized access to information or services on a website, application, or device by exploiting an online session.

  • Eavesdropping on Wi-Fi

The majority of public Wi-Fi networks are unsafe and easy to hack. Threat actors frequently use public Wi-Fi hotspots to enter user networks and listen in on their conversations.

Cybercriminals could potentially launch a Wi-Fi Eavesdropping attack by setting up an Evil Twin Wi-Fi hotspot, which is a fake Wi-Fi access point that eavesdrops on wireless conversations.

  • Man-in-the-Browser (Man-in-the-Browser)

Threat actors strive to exploit vulnerabilities in browsers and web applications to deliver malware, Trojans, and malicious Java scripts to collect users' sensitive information in real-time in man-in-the-browser attacks.

MITM Attack's Consequences

An attacker could use a successful MITM attack to:

  • In an ongoing discussion or data transfer, they position themselves as proxies.
  • Utilize communication and data transport in a stealthy manner.
  • Obtain private information such as trade secrets or financial transfer information.
  • Incorporate harmful programmes or links that appear to be valid data.

How Can Man-in-the-Middle Attacks Be Prevented?

Most MITM attacks may be recognised and prevented if basic security and encryption procedures are followed.

  • When utilising e-commerce or banking websites, avoid using public or insecure Wi-Fi networks.
  • Keep an eye out for unprotected website notifications in your browser.
  • After the session, properly log out of all online programmes.
  • Use an intrusion detection system to protect your device. To prevent unauthorised intrusions, set up powerful firewalls and protocols.
  • TLS and HTTPS are secure communication protocols with strong encryption and authentication mechanisms.
  • Before visiting an unknown or unsecure website, double-check the domain names and browsers.
  • For verification, look for a green or grey padlock to the left of the web address. The website may be insecure if the browser displays a red padlock.

Prevent MIMT attacks with MRC

We ensure your organization incorporates the world's most secure, robust, and simple user/employee authentication system into your workflow. With features that include:

  • Push-based Authentication
  • Authenticator App
  • U2F FIDO Authentication
  • Biometric Verification-voice biometrics
  • Location-based Authentication
  • Text Message (SMS) Authentication
  • Email Authentication

The principle of least privilege establishes a minimum set of user rights that allows a user to access just those resources that are required to execute his or her job. It decreases the danger of unauthorized users, apps, without affecting the organization's overall productivity.

With our contextual based Access control we can limit users based on:

  1. Role based access control
  2. Time based access control
  3. Location based access control
  4. Network based access control
  5. Domain based access control

With Server Administration solution, maintaining Server security is now easier than ever. A secure solution with built-in server security capabilities provides cutting-edge security while allowing you to focus on your Business. With features like graphical session monitoring, our server administration solution helps you safeguard and manage your SSH key life cycle with our next-generation AI technology.

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


Business leader with 28 years of global business management experience and with deep exposure to IaaS, PaaS, SaaS, Business Analytics and Cyber Security practices.

© Copyright nasscom. All Rights Reserved.