Imagine if you were to send a letter that, on its way to its intended recipient, was intercepted by someone else – who then read it before repackaging it and sending it to the person who was actually meant to receive it. Neither you nor that person would be any the wiser about the interception.
This is one example of what could be called an offline man-in-the-middle (MITM) attack – but, alas, online forms of MITM attack exist, too. Worse, online, there are various complex ways that your communications can be intercepted, making the security breach potentially very tricky to detect.
How businesses can be affected by MITM attacks
One especially big reason to fear a MITM attack is that you simply can’t be certain what the attacker might do with the information they find. For example, they could modify content you send or steal sensitive data, such as personal or payment details.
Online, a MITM attacker will strike between two computers – like a laptop and a remote server. However, this person doesn’t strictly require direct, physical access to either of these two pieces of hardware in order to intercept traffic passing from one to another.
How-To Geek implies that the MITM architect could simply eavesdrop on your corporate communications or, especially worryingly, steal information. This could include information that, if leaked publicly or to other parties, could risk your firm’s security and consequently its reputation.
Would it be safe for your workers to use public Wi-Fi networks?
To orchestrate a MITM attack on your company, someone only needs to have access to a network it uses. A good case in point is that of a public, unencrypted Wi-Fi network, which members of your team could occasionally end up using for work purposes while on their business travels.
An attacker could log onto one of these networks at one of the usual places, like an airport or cafe, and use a free tool to capture information sent over the network. For this reason, your workers should follow MUO’s advice to avoid public Wi-Fi whenever possible.
Nonetheless, there might be instances when avoiding such Wi-Fi would not be practically viable – in which case, the worker in question should at least limit their security risk by visiting only websites that use the “https” protocol. These sites encrypt the data they send, meaning that any attacker’s attempts to decode it would ultimately be foiled.
Can https itself be foiled by a MITM attack?
Sadly, yes. An attacker could use a technique like SSLStrip, where the web browser is forced to stay in the basic, less secure http mode rather than switch to https where it is available. That’s why you should watch out for indicators, such as in the address bar, warning that you aren’t using https.
As SSLStrip can still too easily elude notice, though, you should also consider implementing a multi-level, endpoint security software solution – like Wandera’s Threat Defense tool – capable of blocking MITM attacks.
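The SSLStrip downgrade described above only works while a site still answers over plain http and the browser has not been told to insist on https. As an added example (not part of the original article, and going beyond it by checking the Strict-Transport-Security response header, known as HSTS, which the article does not mention), the Python below audits a site's responses for those two gaps; the sample responses, the host name and the 180-day threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}
MIN_MAX_AGE = 15552000  # 180 days; this threshold is an assumption of the example

def parse_hsts(value):
    """Return max-age in seconds from a Strict-Transport-Security value, or None."""
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            return int(arg) if arg.isdigit() else None
    return None

def downgrade_findings(http_resp, https_resp):
    """List the reasons a site leaves room for an https-to-http downgrade."""
    findings = []
    plain = {k.lower(): v for k, v in http_resp["headers"].items()}
    secure = {k.lower(): v for k, v in https_resp["headers"].items()}
    # Gap 1: the site serves content over http instead of redirecting to https.
    location = urlsplit(plain.get("location", ""))
    if http_resp["status"] not in REDIRECTS or location.scheme != "https":
        findings.append("plain http request is not redirected to https")
    # Gap 2: no HSTS policy, so the browser will try http again on later visits.
    max_age = parse_hsts(secure.get("strict-transport-security", ""))
    if not max_age:  # header missing, malformed, or max-age=0 (policy cleared)
        findings.append("no usable HSTS policy on the https response")
    elif max_age < MIN_MAX_AGE:
        findings.append("HSTS max-age below 180 days")
    return findings

# Constructed sample responses (status and headers only), not captured traffic.
HARDENED = (
    {"status": 301, "headers": {"Location": "https://shop.example/"}},
    {"status": 200, "headers": {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}},
)
EXPOSED = (
    {"status": 200, "headers": {"Content-Type": "text/html"}},
    {"status": 200, "headers": {"Strict-Transport-Security": "max-age=0"}},
)

if __name__ == "__main__":
    for name, pair in (("hardened", HARDENED), ("exposed", EXPOSED)):
        print(name, downgrade_findings(*pair) or "no findings")
```
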