Man-In-The-Middle Attacks: What Are They and How to Guard Against Them?

Maybe you've wondered what could happen if you sent sensitive information over the Internet and someone read it over your figurative shoulder. While you might have written this notion off as silly, you shouldn't, since such attacks actually take place with alarming frequency. Unauthorized third parties place themselves between their victim and the Internet, digitally eavesdropping on how the two communicate with one another in what is known as a man-in-the-middle (MITM) attack.

Below, we'll fill you in on what man-in-the-middle attacks are, how they're carried out, and what you can do to protect yourself.

A man-in-the-middle attack occurs when online communication channels are tapped into and monitored without the victim realizing it. They get their name from the intermediary role that the attacker assumes, namely, between the victim's computer or device and a specific online resource they're trying to access, such as a website. Through these, attackers can siphon off sensitive information like usernames and passwords. Such attacks are made possible owing to security gaps or weaknesses in how the victim's device communicates with the Internet.

Generally, MITM attacks can be broken down into two phases: First, data is captured, and then it is decrypted.

In order to 'catch' your data, the attacker needs to convince both parties (for example, your computer, and the server of the website that you're attempting to access) that you're directly communicating with one another. Of course, since the attacker is in between you, they need to make it seem that they're not. Decryption is needed to make the data that's captured, such as net banking credentials, actually usable.

There are a number of weak points that cybercriminals can exploit to execute different types of MITM attacks. Often, spoofing will play a role. This is a kind of manipulation in which something is presented differently than what it actually is.

Below, we've summarized the various kinds of MITM attacks:

Unfortunately, the above is just a selection of the most prevalent kinds of man-in-the-middle attacks, and there are plenty of others. For example, hackers can install malware in your web browser (referred to as a man-in-the-browser attack). Similarly, emails can be intercepted in order to monitor how you interact with your bank.

As such, the sky is the limit when it comes to methods and exploits, making it almost impossible to guard against all of them. For that reason, the more important question is how to recognize and prevent MITM attacks.

Unfortunately, it can be very difficult to recognize a man-in-the-middle attack when it's ongoing. Still, some indications include:

• Disrupted connections & long loading times: A possible indicator that a man-in-the-middle attack is occurring is multiple disruptions in your Internet connection. Longer load times can also be a red flag. Of course, these can just mean that the network you've connected to is having issues, or that the ISP is performing maintenance work.
• Loss of HTTPS Encryption: Whenever an HTTPS address in your browser changes to an unencrypted HTTP one, there's a strong possibility that a MITM attack is underway.

Don't expect to be able to identify a MITM attack as it's ongoing. Instead, invest your efforts in prevention and minimizing risk, since there's a lot you can do.

Bad news first: There's no such thing as 100% protection against malicious middlemen, as a determined and skilled cyber criminal will always find a way to undermine even the most formidable digital defenses. Still, there are a number of steps you can take to make yourself as hard a target as possible. Most hackers look for 'easy' marks and won't waste their time on tougher opponents. Accordingly, we identified 9 measures you can take to counter the threat of MITM attacks.

Websites that lack adequate encryption are particularly susceptible to MITM attacks. Specifically, we're talking about HTTP connections that don't have Secure Socket Layer (SSL) encryption.

For that reason, make sure that you only visit HTTPS websites. Your browser will usually alert you when visiting unencrypted websites anyways.

Powerful and up-to-date encryption is also important on routers. For these, WiFi Protected Access (WPA) has become the standard. Along with ensuring that your router has adequate encryption, you should also check that its firmware is current and that your router's login data and WiFi password are changed regularly.

Whether in a Starbucks or at the airport: Lots of MITM attacks are orchestrated on public WiFi since these lack the protection afforded by home or corporate networks. When connected to a publicly accessible network, exercise extra caution (especially when visiting unencrypted HTTP websites). To enhance your defenses, you can use software like VPNs, but more on these below.

This one doesn't only prevent MITM attacks, but all sorts of nasty cyber surprises: Don't open suspicious emails, and if you do, definitely do NOT click on or download any links or attachments. The same goes for messages that look like they might have come from your bank, favorite online marketplace, or social media network asking you to submit your login details or other sensitive information. Supposing that you have an account with one of these services, they already know your password, birthday, and so on. What's more, such services will never ask you to supply such information via email or over the phone.

The more accounts you have, the more passwords you'll need. To make these as effective as possible, there are a few important rules to keep in mind:

1. 1.
   Create secure passwords. These should be at least eight characters long and include numbers and special characters.
2. 2.
   Don't recycle passwords. Each account you have requires its own unique password. In this way, you prevent password thieves from using the same password to gain access to other accounts associated with your email address.
3. 3.
   Regularly change your passwords.

If you have lots of accounts, it might feel impossible to guarantee adequate security for all of your passwords without some help. Password managers don't only remember all of your passwords for you, giving you access to them with one master password, they'll also let you know when your passwords should be changed, and help to create new ones.

Two-factor authentication, also known as multi-factor authentication is a measure that provides your accounts with added security. With it, a password isn't enough to gain access to your accounts, as a second factor (such as clicking on a link in an email or inputting a code from an authenticator app) is needed.

This complicates matters for data thieves, as they need to also have access to the second factor in order to pry open your account.

Whether email, video (i.e. Zoom or Google Meet), or just chatting (WhatsApp, Signal, etc.), make sure your online communications are always end-to-end encrypted. This guarantees that your messages arrive encrypted to your recipient, and only they can decrypt them. No one - whether admins on the platform you're using or malicious hackers - can sneak a peek while these are in transit.

Having a firewall and the right antivirus program up and running enhances your protection against all sorts of cyber attacks, including man-in-the-middle ones. Make sure that your antivirus software and its definitions are up to date since clever cyber criminals are always stepping up their game.

Virtual private network (VPN) services are also intermediaries, but the good kind. These route your data traffic to remote servers, masking your IP address, and encrypting your connection in the process. This minimizes direct contact between your device and the Internet and comes in particularly handy when using public WiFi.

However, make sure that you only use legitimate VPN services, since you're putting your data in their hands. Unfortunately, there do exist lots of questionable (free) VPN services which can (and likely do) keep tabs on what their users are up to. This makes them just like man-in-the-middle attackers. For this reason, stick with reputable providers that regularly submit to independent security audits.

In our EXPERTE.com VPN comparison, we put a wide variety of VPN services to the test. Reviews and more can be found in the VPN section of our site:

Man-in-the-middle attacks are highly dangerous and difficult to notice. Cybercriminals disguise themselves as reputable intermediaries, siphoning off sensitive data, such as passwords, that your system is transmitting to a trusted web resource. Pulling these off is possible owing to the weak points in digital infrastructure and different areas that can be probed, such as DNS, IP, or HTTPS spoofing, to say nothing of the assistance malware can provide.

Noticing a man-in-the-middle attack while it's being executed is difficult. For that reason, it's smarter to proactively adopt security practices that will reduce the likelihood of these enjoying any success against you. When surfing, make sure you do so with HTTPS encryption, and if on public WiFi, exercise added caution.

You aren't alone though, as a number of useful tools exist that can enhance your security. For maximum password security, there's no way around a password manager; antivirus programs and firewalls can boost your digital defenses; and if you find yourself often on public WiFi, you might want to invest in a reliable VPN.