Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT. If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2 years, but these are just the major ones that were deemed newsworthy.
As cybersecurity technicians we reference the Common Vulnerabilities and Exposures (CVE) website which currently lists 166,798 vulnerabilities and this increases daily. I know, that is a scary number of threats and it changes daily.
In this blog we are going to look at one of the most basic forms of attack which is called a man in the middle cyber attack. Despite being one of the oldest cybersecurity threats it is still widely used today and businesses of all sizes loose thousands of pounds as a result.
Our aim is to raise awareness of the dangers of common cybersecurity attacks that can immobilise businesses, we take a look at man in the middle attacks, how they work and how you can protect against them.
Watch The Man In the Middle Video
Watch the video below to find out more about how man in the middle attacks work.
Read Video Transcript
Behind the Hack – Man in the Middle
Every business wants to keep their valuable data safe, but sometimes, without help, it can be hard to identify or stop a breach that would be catastrophic for your business.
Right now our very own ethical hacker is going to show you an example hack that is used every day to get full access to business critical sensitive data and worst of all, he’ll even pretend to be you.
This is called a ‘Man in the Middle’ attack. In this exclusive example it’s instigated by a typical quarantined review email.
Our hacker has worked carefully to make sure it gets through to your main inbox, and looks completely legitimate, but wait, look, the URL has a slight spelling mistake most would miss.
If you were to see that a message from a colleague has been caught in spam, you’d be compelled to click ‘review’ to find out more, this is called ‘Man in the Middle’ because, in this case there’s a log in portal that appears to be genuine but is actually fake and it’s sat right in between you and the real system you’re trying to access.
Again, there’s that tiny spelling mistake, so you enter your credentials, they get passed through and allow you normal access but at the same time, if we check our hackers machine, they’ve also collected your username and password. Meaning whatever you can access, they can access.
Just imagine what they can now do… steal your client information, wipe your data and even email using your identity.
Hackers are well known for resending invoices and asking payment details to be amended, stealing thousands. All of this without you suspecting a single thing. Potentially for days, weeks, even months until you finally change your password.
What Is a Man In the Middle Hack?
Also known as eavesdropping attacks, a man in the middle attack occurs when an attacker intercepts communications between two parties. The attacker then eavesdrops and, in most cases, impersonates one of the parties.
The ‘man in the middle’ is the hacker and they must remain undetected in order for the hack to work, often patiently gathering critical information before launching their attack.
How Does a Man In The Middle Attack Work?
When their target has been identified, hackers use methods such as phishing, IP spoofing, stealing browser cookies, creating fake login portals and sending legitimate looking scam emails to deceive the user into entering their login details.
When the hacker has access, they will usually monitor your systems and wait for the right time to strike.
For example, they may use your email address to email clients and ask them to update their payment information so they are instead paying their invoices to the hacker rather than your business.
How To Prevent Man In The Middle Attacks
With proper cyber security measures in place, your business is far less likely to be the victim of an attack. Here’s how you can protect yourself:
- Train your staff to recognise fraudulent emails and scams.
- Use email protection to reduce the chances of fraudulent emails getting into your inbox.
- Use Multi Factor Authentication so that even with your password, the hacker cannot access your systems.
- Ensure you change your passwords on a regular basis and don’t use the same password for more than one system.
- Consider using a password management tool to improve the security of your passwords.
- Use antivirus software to protect your machines and ensure all your software and hardware is kept up to date.
- Use a professional cyber security provider.
- Consider Cyber Essentials certification to protect against the most common forms of cyber attack.
Protect Your Business with Absolutely PC
Would your staff be able to spot a man in the middle attack and know what steps to take to prevent a breach occurring as a result?
With just one lapse of concentration, your entire business could be crippled by a cyber attack that costs thousands.
If you want to ensure your business is protected against man in the middle attacks and other forms of cyber attack, call us today on 0117 975 9523 or fill out a contact form and we will get back to you.
Other Posts for you to Enjoy