Man in the Middle Attack

What Is a MITM Attack?

Man in the Middle (MITM) attacks, often referred to as “Monster in the Middle” attacks, pose a significant threat in the realm of cybersecurity. These tactics entail intercepting and tampering with communication between two parties, granting attackers the ability to covertly monitor and alter messages. The attacker sits on the network path linking the communicating parties, which enables eavesdropping, modification, or injection of new data into the communication.

Imagine this scenario. You’re texting your friend to arrange a time and place to meet. She says 2pm at your local coffee shop, but when you get there, she isn’t there. Maybe she is that friend who is always late, so you wait, but still nothing. An hour earlier, your friend was sitting at the Italian restaurant you both love and she was waiting for you. Why were you at two different locations at two different times? Well, your conversation got intercepted by a hacker who was able to read your messages and alter them without you knowing. This is what is called a man in the middle attack.

Man in the Middle Attacks

Now, of course, you and your childhood friend are not the target of hackers, and they don’t really care where you want to meet. The interception is, of course, not this simple. However, malicious third parties are using this concept to carry out attacks against organizations or specific individuals. A device is needed to perform the attack, and there are a variety of different products available for different purposes.

How a Man in the Middle Attack Typically Works

Interception: The attacker intercepts communication between two parties, making them believe they are communicating directly with each other.

Eavesdropping: The attacker can eavesdrop on the data being transmitted, collecting sensitive data such as passwords, credit card numbers, or other confidential data.

Modification: The attacker can alter the data being transmitted. For example, they might modify a legitimate message, redirect a user to a malicious website, or inject malware into the communication.

Impersonation: The attacker can impersonate one or both parties involved in the communication. This allows them to gain unauthorized access to systems or manipulate the communication for their benefit.
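The modification and impersonation steps above fail against messages that carry an authentication tag the in-path party cannot recompute. The following is an added example, not code from the original post: it assumes the two friends already share a key the relay never saw, and the names `seal`, `verify` and `relay_rewrites` are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: both friends agreed on this key over a channel the relay never saw.
SHARED_KEY = secrets.token_bytes(32)

def seal(key: bytes, seq: int, text: str) -> dict:
    """Sender side: bind sequence number and text under an HMAC-SHA256 tag."""
    body = f"{seq}|{text}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"seq": seq, "text": text, "tag": tag}

def verify(key: bytes, msg: dict, last_seq: int) -> str:
    """Receiver side: classify a message as ok, tampered or replayed."""
    body = f"{msg['seq']}|{msg['text']}".encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return "tampered"   # text or sequence changed, or sender lacks the key
    if msg["seq"] <= last_seq:
        return "replayed"   # valid tag, but an old message delivered again
    return "ok"

def relay_rewrites(msg: dict, new_text: str) -> dict:
    """Constructed stand-in for the in-path party: it can change the text
    but cannot produce a matching tag without the key."""
    altered = dict(msg)
    altered["text"] = new_text
    return altered

def demo() -> list:
    sent = seal(SHARED_KEY, 1, "2pm at the coffee shop")
    altered = relay_rewrites(sent, "1pm at the Italian restaurant")
    return [
        verify(SHARED_KEY, sent, last_seq=0),     # untouched message
        verify(SHARED_KEY, altered, last_seq=0),  # text changed in transit
        verify(SHARED_KEY, sent, last_seq=1),     # same message delivered twice
    ]

if __name__ == "__main__":
    print(demo())
```

The tag addresses modification and impersonation only; keeping the content from an eavesdropper requires encryption on top, for example TLS.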

Man in the Middle Attack: ATM Black Box Attacks

ATMs are prime targets for Man in the Middle Attacks thanks to the abundance of cash stored inside of them. One way this attack can be carried out is through an ATM black box attack. In this attack, a device (usually containing a Raspberry Pi Zero W computer) is connected between the ATM’s PC and the dispenser. This allows the attacker to send cash dispensing commands to the machine.

Raspberry PI Device


This type of attack can be challenging since internal access to the machine is required. Never fear, potential ATM hackers, a simpler way is available and costs only $25 on Amazon (no need for the dark web when it comes to this). This device is known as a GL.iNet and is attached externally to the ATM, but provides the same end result.

GL.iNet


But ATMs are such a niche target (ATM Jackpotting Attack), so why should you even be reading this? Well, it’s not just ATMs that are the target. You might be, too. And no, not for the purpose of finding out your lunch plans. Hackers might want to gain access to the organization you work in and may use you to do so.

Man in the Middle Attacks on Organizations and Individuals

At this point, you might think that you are protected, since accessing your organization’s devices and network requires authentication, maybe even biometric authentication (Biometric Sensors). Well, another Man in the Middle Attack tool is bypassing this, too. A device known as a BeagleBone board is able to circumvent even the most sophisticated forms of biometric authentication, like palm-vein scanners.

BeagleBone


Hak5 Hacking Tools

There are plenty more devices that can be used for Man in the Middle Attacks. Hak5 is a company that produces a lot of these hacking tools, such as the Packet Squirrel, the LAN Turtle, and others. These two devices, although differing slightly in functionality, both observe network traffic. A more advanced tool, going by the name of WiFi Pineapple, lets hackers mimic preferred networks and, in turn, gather intelligence.

Packet Squirrel – LAN turtle – WiFi Pineapple
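A device that mimics a preferred network has to advertise the organization’s SSID from a radio the organization does not own, which a wireless survey can be checked for. The following is an added example, not code from the original post or from any vendor: the inventory, the survey rows and the function name `find_suspect_aps` are constructed, and it assumes a fixed channel plan per access point.

```python
# Constructed inventory of the organization's own access points (assumption).
KNOWN_APS = {
    "CorpWiFi": {
        "security": "WPA2-Enterprise",
        # BSSID -> channel the access point is configured to use
        "bssids": {"aa:bb:cc:00:00:01": 36, "aa:bb:cc:00:00:02": 149},
    },
}

# Constructed survey rows: (ssid, bssid, security, channel)
SCAN = [
    ("CorpWiFi", "aa:bb:cc:00:00:01", "WPA2-Enterprise", 36),  # matches inventory
    ("CorpWiFi", "DE:AD:BE:EF:00:10", "Open", 6),              # unknown radio, open
    ("CorpWiFi", "aa:bb:cc:00:00:02", "WPA2-Enterprise", 11),  # known BSSID, wrong channel
    ("CoffeeShopGuest", "11:22:33:44:55:66", "Open", 1),       # not a managed SSID
]

def find_suspect_aps(scan, known):
    """Return (bssid, reasons) for each beacon that uses a managed SSID
    but does not match the inventory."""
    findings = []
    for ssid, bssid, security, channel in scan:
        profile = known.get(ssid)
        if profile is None:
            continue  # SSID is not one the organization operates
        bssid = bssid.lower()
        reasons = []
        if bssid not in profile["bssids"]:
            reasons.append("unknown BSSID")
        elif profile["bssids"][bssid] != channel:
            # A copied BSSID passes the first check; the channel plan catches it.
            reasons.append("known BSSID on unexpected channel")
        if security != profile["security"]:
            reasons.append("security mismatch")
        if reasons:
            findings.append((bssid, reasons))
    return findings

if __name__ == "__main__":
    for bssid, reasons in find_suspect_aps(SCAN, KNOWN_APS):
        print(bssid, ", ".join(reasons))
```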

Rogue Devices: Overcoming Existing Security Solutions

These Man in the Middle Attack tools, or in other words, Rogue Devices, bypass existing security solutions, such as NAC, EPS, IDS, or IoT Network Security. This is due to a lack of physical layer visibility, which means that they go undetected. Hence, in order to evade hardware-based attacks, it is essential to avoid using Rogue Devices. Such awareness is even more crucial as hardware-based attacks occur more frequently, with 37% of threats designed for USB exploitation in 2020, nearly double the 2019 figure (bad USB devices). Further, as USB usage rose by 30% in 2020, attackers are more likely to be successful (Internal Threats).

Using Sepio to Protect Against MITM

Sepio’s patented technology is the solution for mitigating risks associated with MiTM attacks. The threat of Man in the Middle Attacks is pervasive and evolving. By understanding the tactics employed by attackers and staying vigilant, you can take proactive steps to protect your network and sensitive information. Sepio’s patented technology provides a comprehensive solution to mitigate risks. Regain control over your assets, and ensure the security of your organization. Take the necessary measures to safeguard against MiTM attacks and maintain the integrity of your network infrastructure.

This blog was not meant to scare you, but to make sure that you are more vigilant towards the savvy ways hackers are manipulating you. Who would not want to know about the undetectable, invisible, hidden ways all your information can be obtained by a malicious third party without any way of stopping it? But maybe there is…


January 25th, 2021