Hello everyone, this is KDT, and today we're gonna be discussing an important attack in cyber security.
It is MITM.
To understand this better and to demonstrate it in a practical way, I'm gonna be dividing this topic into sub-topics. So let's get started.
First of all, MITM stands for Man-In-The-Middle attack. It is used in many cases of cyber security that involve phishing. When an attacker targets us with the Man-In-The-Middle method, the attacker will know everything about what we are browsing on the internet and all the info and details related to that.
The MITM attack is mostly used on Wi-Fi systems. Even if the Wi-Fi system is the most secure, the attack can easily work on it. It also does not work automatically: we are only tricked, and we are the ones who give our own personal data to the attackers. We'll talk more about this under the Attack Method heading.
Let me explain in detail how the attacker attacks a victim machine.
To attack a victim on a specific network, he/she must first be connected to the same network as the victim. This is the main requirement for MITM attacks. After the attacker is connected, he/she will run an IP scanner, which scans the entire network and outputs the IP addresses of the people who are connected to it.
Then the attacker chooses one of the available victims. To spy on the victim, there is one step: HTTPS downgrading. The problem for an attacker is that nowadays most websites use the HTTPS protocol and not HTTP. The basic difference between HTTPS and HTTP is that HTTPS is encrypted and more secure.
Because of this, even when an attacker steals the information, it will be fully encrypted and nobody can understand it. So, through an HTTPS downgrading attack, the attacker is able to strip HTTPS down to HTTP and can easily read the information.
There is also another protocol, which is used by very few websites such as Facebook etc. It is HSTS, which stands for HTTP Strict Transport Security. If we apply the HTTPS downgrading attack to these kinds of websites, it will not work. So, to bypass this security feature, an attacker uses another method called DNS spoofing.
Because of this, when we request Facebook.com it will automatically redirect to a DNS name server such as Facebook.corn, which the attacker chooses. So, through this, it is possible to bypass the HSTS security feature.
In this section, I'm gonna be discussing the potential risk of MITM attacks when they are executed on us.
- Capturing Passwords and Credentials
- Getting hold of Personal Data
- Tracking what you’re browsing.
So, these are the possibilities that can happen if a MITM attack is executed. There are only a few ways in which you can prevent it.
They are:
- Not using public Wi-Fi
- Staying connected to a VPN if you are connected to a public network.
- Always check the URL address for any spoofing.
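
The URL check in the last point can be partly automated. The sketch below is an added example, not code from the original post: it compares a URL's host against a constructed allow-list, flags look-alike names such as the Facebook.corn case mentioned earlier, and flags a trusted site loaded over plain HTTP, which is what a successful HTTPS downgrade looks like from the user's side. The function names, the allow-list and the table of confusable sequences are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites this user really means to visit.
TRUSTED = {"facebook.com", "example-bank.com"}

# Sequences that read as another letter at a glance ("rn" looks like "m").
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(name):
    """Collapse look-alike sequences so visually similar names compare equal."""
    name = name.lower()
    for seq, plain in CONFUSABLES:
        name = name.replace(seq, plain)
    return name


# Skeleton of each trusted domain -> the real domain it belongs to.
SKELETONS = {skeleton(d): d for d in TRUSTED}


def check_url(url):
    """Return (verdict, detail) for a URL copied from the address bar."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    # Every parent domain of the host, longest first.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    for name in suffixes:
        if name in TRUSTED:
            if parts.scheme != "https":
                return ("plaintext", name)  # trusted site, but not over HTTPS
            return ("ok", name)
    for name in suffixes:
        real = SKELETONS.get(skeleton(name))
        if real:
            return ("lookalike", real)      # e.g. facebook.corn vs facebook.com
    return ("unknown", host)


if __name__ == "__main__":
    # Constructed sample URLs.
    for u in ("https://www.facebook.com/login", "http://www.facebook.com/login",
              "http://www.facebook.corn/login", "https://faceb00k.com"):
        print(u, "->", check_url(u))
```

A URL pasted without its scheme is reported as `plaintext`, since the check cannot confirm that HTTPS was used.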
So I conclude by saying that MITM attacks are very dangerous and can cause severe damage to you and your resources. You can't prevent it automatically; the only way is to outsmart the attacker by following the steps that I have given above under the Potential Risk heading.