Man In The Middle Cyber Attacks: What You Should Know

Australians are particularly lax about taking basic cyber hygiene action to prevent their data from being exposed

According to Australia’s national notifiable data breach scheme, 245 breaches occurred in the three months to June 2019. It is clear that Australians are particularly lax about taking basic cyber hygiene action to prevent their data from being exposed. Two in three Australian workers have clicked on ‘unknown sender’ links at work, jeopardising the security of their business and colleagues.

A man-in-the-middle (MITM) attack can take shape online in any number of ways – this is when an outside individual, often a hacker, intercepts and/or alters communications between two systems. Be it email, social media, banking or simply any webpage you would log into using your Internet browser, hackers can get between you and whatever system or person you’re interacting with, to capture your data and information.

As threats continue to evolve and change, it’s an individual’s responsibility, and in their interest, to make sure they’re cyber security literate and understand how attacks work.

Three of the most common types of MITM attacks include:

• Wi-Fi interference - where a hacker uses a wireless connection to eavesdrop on anyone connected to the Wi-Fi network. This allows them to gain access to a host of personal, financial or corporate information. Hackers set up a Wi-Fi connection and wait for their victims to connect. This includes waiting for unsuspecting individuals to connect to a phony hotspot intentionally named to trick them into connecting (think ‘Free WiFi’ at coffee shops and airports). Once a device is connected to the hacker’s network, they have access to all the information on the connected device.

• Email hijacking - hackers can single out their victims by targeting their email accounts. High-profile corporations, financial institutions and banks tend to make headlines as the most often targeted in such MITM attacks. But anyone can be a victim. Once attackers have access to their desired email account, they quietly monitor the correspondence and wait for an opportune moment to make their move. Slipping into a conversation involving money transfers is a common tactic. Hackers will insert themselves into the email conversation at the precise moment, faking a company email and providing their own bank details so victims transfer their money straight into the hackers’ accounts, while believing they are sending money to the legitimate company.

• Session hijacking - When you log onto a website, a connection between your computer and the website is established, and hackers are able to hijack this session with the website. There are various ways to hijack the session, but one of the most common ways is by stealing browser cookies – yes, those things you “accept” every time you jump to a new website. Cookies can store all types of information, everything from online activity to login credentials to your location. Once hackers have access to these login cookies, they can very easily log into your accounts in which you accepted cookies.

Barringtons security risk management and assessment team has decades of experience working with clients of all shapes and sizes across a broad range of industries. Their arsenal of Risk Assessment Management Services includes Cyber Security Risk Assessments and Cyber Penetration Testing and they are able to provide a quick turnaround on any enquires and develop valuable solutions in addition to reporting on any weaknesses in an organisation.

Source: https://australiansecuritymagazine.com.au/man-in-the-middle-syndrome-its-not-about-lack-of-attention/ 

For more information on how Barringtons can help you please click here.