MAN IN THE MIDDLE (MITM) ATTACK

A man-in-the-middle attack is a category of cyberattack in which a malicious actor inserts themselves into a conversation between two parties, impersonates both parties and gains access to data that the two parties were trying to send to each other. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

Key Concepts of a Man In The Middle Attack

  1. Man-in-the-middle is a type of eavesdropping attack that occurs when a malicious actor inserts themselves as a relay or proxy into a communication session between people or systems.
  2. A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data.
  3. Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant for them without either party knowing until it is too late.

Interactions that are susceptible to MITM Attack

  • Financial sites – between login and authentication
  • Connections meant to be secured by public or private keys
  • Other sites that require logins – where there is something to be gained by having access

Other Forms of Session Hijacking

Man-in-the-middle is a form of session hijacking. Other forms of session hijacking similar to man-in-the-middle are:

  1. Sidejacking – This attack involves sniffing data packets to steal session cookies and hijack a user’s session. These cookies can contain unencrypted login information, even if the site was secure.
  2. Evil Twin – This is a rogue Wi-Fi network that appears to be a legitimate network. When users unknowingly join the rogue network, the attacker can launch a man-in-the-middle attack, intercepting all data between the user and the network.
  3. Sniffing – This involves a malicious actor using readily available software to intercept data being sent from, or to, the user’s device.
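Sidejacking works because a session cookie that travels over plaintext HTTP can be read by anyone on the path. The usual defence is to make sure every cookie a login response sets carries the Secure, HttpOnly and SameSite attributes. The following audit script is an added example, not code from the original post: the response headers are a constructed sample, and the attribute policy it enforces is a common hardening baseline rather than something the post prescribes.

```python
"""Audit Set-Cookie headers for the attributes that blunt sidejacking.

Added example, not code from the original post. The headers below are a
constructed sample; the attribute policy checked here (Secure, HttpOnly and
SameSite on every cookie) is a common hardening baseline rather than
something the post prescribes.
"""

# Constructed sample of (header-name, header-value) pairs as a client
# would receive them from a login response.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "csrftoken=xyz789; Path=/; Secure; HttpOnly; SameSite=Strict"),
    ("Set-Cookie", "remember=1; Path=/; Max-Age=31536000"),
    ("Set-Cookie", "tracker=t0; Path=/; SameSite=None"),
]


def parse_set_cookie(value):
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: val})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookie(attrs):
    """Return a list of findings for one cookie's attribute set."""
    findings = []
    if "secure" not in attrs:
        # Without Secure the browser also sends the cookie over plain HTTP,
        # where anyone on the path can sniff it.
        findings.append("missing Secure")
    if "httponly" not in attrs:
        # Without HttpOnly any script running in the page can read it.
        findings.append("missing HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if not samesite:
        findings.append("missing SameSite")
    elif samesite == "none" and "secure" not in attrs:
        # Browsers reject SameSite=None unless Secure is also set.
        findings.append("SameSite=None without Secure")
    return findings


def audit_headers(headers):
    """Map each cookie name to its list of findings (empty list = clean)."""
    report = {}
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            report[name] = audit_cookie(attrs)
    return report


if __name__ == "__main__":
    for name, findings in audit_headers(SAMPLE_HEADERS).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

Run against a real response by feeding it the header list your HTTP client exposes; any session cookie that comes back with findings is one a sidejacker on an open Wi-Fi network could pick up.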

DoS Attack: An Introduction

A denial-of-service (DoS) attack is an attack intended to shut down a machine or network, making it unreachable to its intended users. DoS attacks achieve this by flooding the target with traffic, or by sending it data that triggers a crash. In both instances, the DoS attack deprives legitimate users of the service or resource they expected.

DoS attacks frequently target the web servers of high-profile organizations such as banks, commerce and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of important data or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attack: flooding services or crashing services. Flood attacks occur when the system receives more traffic than the server can buffer, causing it to slow down and eventually stop. Popular flood attacks include:

Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It consists of the attacks listed below, in addition to others that are intended to exploit bugs specific to certain applications or networks.

ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.

SYN flood – sends a request to connect to a server, but never completes the handshake. This continues until all open ports are saturated with requests and none are available for legitimate users to connect to.
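The tell-tale sign of a SYN flood on the receiving host is a connection table full of half-open entries (SYN received, handshake never finished). The monitor below is an added example, not code from the original post: the snapshot it parses is a constructed sample that imitates the column layout of `ss -tan`, and the thresholds are illustrative values to be tuned against the host's normal load.

```python
"""Spot SYN-flood behaviour from a snapshot of the TCP connection table.

Added example, not code from the original post. The snapshot below is a
constructed sample that imitates the column layout of `ss -tan`; the
thresholds are illustrative and should be tuned to the host's normal load.
"""
from collections import Counter

# Constructed sample. SYN-RECV rows are half-open connections whose
# handshake was never completed; ESTAB rows completed it.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB      0      0      10.0.0.5:443         198.51.100.20:52011
ESTAB      0      0      10.0.0.5:443         198.51.100.21:40988
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51234
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51235
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51236
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51237
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51238
SYN-RECV   0      0      10.0.0.5:443         203.0.113.7:51239
ESTAB      0      0      10.0.0.5:443         203.0.113.7:51200
SYN-RECV   0      0      10.0.0.5:443         198.51.100.22:33000
"""

HALF_OPEN_STATE = "SYN-RECV"
ESTABLISHED_STATE = "ESTAB"


def parse_ss_output(text):
    """Return a list of (state, peer_ip) tuples, skipping the header line."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue
        state, peer = fields[0], fields[4]
        # Strip the port; a bracketed IPv6 peer keeps its brackets intact.
        peer_ip = peer.rsplit(":", 1)[0]
        rows.append((state, peer_ip))
    return rows


def half_open_fraction(rows):
    """Share of all tracked connections stuck in SYN-RECV.

    A flood with spoofed source addresses is spread over random peers, so
    this aggregate figure is the one to watch when no single source stands out.
    """
    if not rows:
        return 0.0
    half_open = sum(1 for state, _ in rows if state == HALF_OPEN_STATE)
    return half_open / len(rows)


def flag_syn_flood_sources(rows, min_half_open=5, min_ratio=0.8):
    """Flag peers holding many half-open connections and few completed ones."""
    half_open = Counter(ip for state, ip in rows if state == HALF_OPEN_STATE)
    established = Counter(ip for state, ip in rows if state == ESTABLISHED_STATE)
    flagged = {}
    for ip, n_half in half_open.items():
        n_est = established[ip]
        ratio = n_half / (n_half + n_est)
        if n_half >= min_half_open and ratio >= min_ratio:
            flagged[ip] = {"half_open": n_half, "established": n_est,
                           "ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    rows = parse_ss_output(SAMPLE_SS_OUTPUT)
    print(f"half-open share of table: {half_open_fraction(rows):.0%}")
    for ip, stats in flag_syn_flood_sources(rows).items():
        print(f"suspicious source {ip}: {stats}")
```

The per-source check catches a single noisy peer; the aggregate half-open share is what rises during a spoofed flood, where every SYN carries a different forged source, and is the figure that should feed an alert or trigger SYN-cookie style mitigation on the host.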

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

An additional type of DoS attack is the Distributed Denial of Service (DDoS) attack. A DDoS attack occurs when multiple systems orchestrate a synchronized DoS attack against a single target. The essential difference is that instead of being attacked from one location, the target is attacked from many locations at once. The distribution of hosts that defines a DDoS provides the attacker multiple advantages:

  • He can leverage the greater volume of machines to execute a seriously disruptive attack
  • The location of the attack is difficult to detect due to the random distribution of attacking systems (often worldwide)
  • It is more difficult to shut down multiple machines than one
  • The true attacking party is very difficult to identify, as they are disguised behind many (mostly compromised) systems

Modern security technologies have advanced mechanisms to guard against most forms of DoS attacks, but due to the unique characteristics of DDoS, it is still regarded as an elevated threat and is of higher concern to organizations that fear being targeted by such an attack.

Social Engineering: An Introduction

Social engineering is a term used to encompass a broad range of malicious activities accomplished through human interaction. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.

Social engineering attacks happen in one or more steps. A perpetrator first studies the intended victim to gather essential background information, such as possible points of entry and weak security protocols, needed to proceed with the attack. Then, the attacker moves to gain the victim’s trust and provide stimuli for subsequent actions that break security practices, such as revealing sensitive information or giving away access to critical resources.

What makes social engineering dangerous is that it depends on human error, rather than weaknesses in software and operating systems. Mistakes made by genuine users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.

Social engineering attacks come in many different forms and can be performed anywhere human interaction is involved. The following are the five most common forms of digital social engineering assaults. Let’s take a look at the techniques used to achieve malicious ends.

Baiting

As its name implies, baiting attacks use a false promise to pique a victim’s greed or curiosity. They lure users into a trap that steals their personal information or infects their systems with malware.

Scareware

Scareware involves victims being bombarded with false alarms and fictitious threats. Users are deceived to think their system is infested with malware, encouraging them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also referred to as deception software, rogue scanner software and fraudware.

Pretexting

Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim to perform a critical task.

Phishing

As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware.

Spear phishing

This is a more targeted version of the phishing scam whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make their attack less conspicuous. Spear phishing requires much more effort on behalf of the perpetrator and may take weeks or months to pull off. These attacks are much harder to detect and have better success rates if done skilfully.
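The urgency, lookalike sender and disguised link that the phishing and spear-phishing sections describe all leave traces in the message itself, which is what mail-triage rules look for. The scorer below is an added example, not code from the original post: both messages are constructed, and the indicator list (a Reply-To that points elsewhere, a display name that borrows another domain, urgency wording, link text that hides a different destination) is a typical triage heuristic, not a classifier the post describes.

```python
"""Score an e-mail for common phishing and spear-phishing indicators.

Added example, not code from the original post. Both messages below are
constructed; the indicator list is a typical triage heuristic, not a
classifier the post describes.
"""
import email
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed message showing the "urgency plus lookalike sender" pattern.
SAMPLE_PHISH = """\
From: "example.com Payroll" <alerts@example-pay.net>
Reply-To: collect@mailbox-example.org
To: staff@example.com
Subject: URGENT: verify your account within 24 hours

Your salary payment is on hold. Confirm immediately at
<a href="http://203.0.113.9/login">https://hr.example.com/login</a>
"""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """\
From: "HR Portal" <hr@example.com>
To: staff@example.com
Subject: Monthly newsletter

The newsletter is at <a href="https://hr.example.com/news">https://hr.example.com/news</a>.
"""

URGENCY_PHRASES = ("urgent", "immediately", "within 24 hours",
                   "verify your account", "suspended")
DOMAIN_RE = re.compile(r"\b[a-z0-9-]+\.[a-z]{2,}\b")
LINK_RE = re.compile(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def phishing_indicators(raw_message):
    """Return the list of indicators found; an empty list means none fired."""
    msg = email.message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    body = msg.get_payload()
    found = []

    # Replies routed to a domain other than the apparent sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        found.append("Reply-To domain differs from sender domain")

    # Spear-phishing display names often borrow the victim's own domain.
    for dom in DOMAIN_RE.findall(display_name.lower()):
        if dom != from_domain:
            found.append("display name references a different domain")
            break

    # Two or more pressure phrases in subject plus body.
    text = (msg.get("Subject", "") + "\n" + body).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if len(hits) >= 2:
        found.append("urgency wording: " + ", ".join(hits))

    # Link text that shows one host while the href goes to another.
    for href, link_text in LINK_RE.findall(body):
        shown_host = urlparse(link_text.strip()).hostname
        real_host = urlparse(href).hostname
        if shown_host and real_host and shown_host != real_host:
            found.append("link text points to a different host than its href")
            break
    return found


if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, phishing_indicators(raw))
```

Each indicator on its own is weak (legitimate mail uses Reply-To and urgent subjects too), which is why the function returns the whole list rather than a verdict: a mail gateway or analyst would weight them, and a message tripping three or four of them is the one to quarantine and inspect.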

In tomorrow’s post we will discuss cryptocurrencies and social engineering so stay tuned.