A man-in-the-middle attack (MITM), also called a “bucket brigade attack,” is exactly as it sounds.
It’s the act of someone eavesdropping on communications between two parties online. The attacker uses the information gathered from eavesdropping to later make direct contact with the parties, leading them to think they are talking to each other and not to an attacker.
In other words, attackers impersonate one or both parties. All they need is to be within the reception range of a wireless access point and they can become the man-in-the-middle.
Let’s take Dave and June as an example:
Dave and June communicate with one another, but Greg decides to eavesdrop on the conversation. Then he delivers a false message to June that appears to be from Dave. This way, Greg can gather sensitive information from June.
Man-In-The-Middle Attack in Email Communication
In email communication, an email can carry malware in an attachment.
If the recipient of the email opens the attachment and the malware is released onto their computer, the attacker can gain access to the user’s web browser. They can, for example, see the data that is sent and received during financial transactions and conversations.
When the attacker has control of the web browser, they can also direct the user to fake websites that look legitimate.
For instance, they can direct the user to a fake PayPal site that looks like the real thing. The user logs in, and then the attacker has the login credentials of the user.
To carry out this scheme even more accurately, the attacker can make themselves a proxy between the fake site and the real site. So, the user really believes that they are in their PayPal account. What they may not notice is that the address in the address bar starts with http:// instead of https://, the prefix that indicates a secure site.
Unfortunately, attackers have been known to fake or forge certificates, which means they still can complete a MiTM attack.
The idea is to stop the attacker right at the source, which is the email account.
Preventing Man-In-The-Middle Attack in Email Communications
Defending against MiTM attacks requires layered security.
- The first layer is the email provider where individuals and companies create accounts and
- The second layer is the individuals themselves. They need to be aware of suspicious email activities.
An email provider needs to implement an email service that can detect malicious activity in real time to prevent MITM breaches. This kind of protection is important for companies because they aren’t necessarily outfitted to thwart these attacks. They must have the technology built into their security architecture to minimize the risks, but most of them don’t.
If an email provider isn’t properly outfitted, then the individuals and companies using it aren’t with the right email service. Companies have a lot to lose and so do individuals that perform financial transactions online.
It is also important to not open attachments without knowing what they are and who they are from. However, an MITM attack involves a person posing as someone you know. So, it can be very difficult to tell what is legitimate and what isn’t. If you aren’t expecting an attachment from the sender, call them on the phone and ask them. This could also alert them that an attacker has hacked their system.
It’s unfortunate that cyber-attacks are becoming so sophisticated. But, being armed with today’s email security solutions and educating colleagues, friends, and family can help minimize the threat. Always stay aware and perform regular virus and malware scans, especially if you have opened an attachment that you aren’t sure of.
The next step is for you to take action and secure your online communications. You can do this by starting with email. Using an email service that encrypts your communications can keep hackers away from personal details, preventing them from causing you harm later. Remember, cyber security is important to everyone, so every person that secures communications makes an impact on internet users as a whole.