Adversary-In-The-Middle Attack (AitM)

Adversary in the Middle (AITM) Attack (formerly referenced as Man-in-the-Middle) is a technical term for when a hacker positions himself in a conversation between a user and an application; either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The main goal of these attacks is to steal sensitive information from the victims, such as login credentials to online accounts such as email, banking, or virtual private network. 

Often these attacks occur on rogue Wi-Fi networks masquerading as the local businesses real Wi-Fi.  Unsuspecting users connect to the fake Wi-Fi network and their traffic is intercepted and inspected for these juicy authentication details.

Fortunately, most websites have established https requirements which can hide authentication information unless the hacker is using an HTTPS proxy combined with spoofed DNS requests.  In these cases, the hacker can pretend to be the actual website you’re attempting to log into, however, the SSL certificates can be a dead give-away that something’s amiss.

These types of attacks are often paired with phishing attacks and attempt to convince users to click malicious links or enter in personal data on a fake webpage to steal their personal information.  These fake websites can have legitimate SSL certificates that avoid the earlier mentioned SSL certificate issue that comes with spoofing a legitimate website address in DNS.

Source: Imperva

Additional Reading:

1. Man-in-the-Middle Attacks: A Growing But Preventable Mobile Threat
2. Wiki Leaks reveals CIA’s Man-in-the-Middle Attack Tool

Related Terms:

• Phishing
• Spear-Phishing
•  Session Hijacking Attack

What does this mean for an SMB?

As an SMB, there are some actions you can take to reduce the likelihood of becoming victim to Adversary-in-the-Middle attacks. As with most cyber threats, being aware of the attack and where or how it is perpetrated is crucial. Therefore, be sure to educate employees on how to protect themselves while on WiFi networks and what a AiTM attack is will help a great deal. Aside from user education and awareness training, here are a few things you can do:

• Avoid Public, Unprotected WiFi networks;
• Ensure websites you are using are secured with HTTPS protocols;
• Log out of applications when not using them;
• Use a VPN to secure and encrypt your connection whenever dealing with sensitive information or transactions.

To learn more about AitM Attacks, watch this short 3 minute video:

https://www.youtube.com/watch?v=DgqID9k83oQ

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!

Sign Up Today!