What is Man in the Middle Attack in Cloud Computing?
Cyber attacks are a constant threat to online businesses. Forbes states that around 2 million dollars are lost due to cybercrime every minute.
The Man in the Middle attack (MITM) is the most frequently used cyber attack technique.
Man-in-the-Middle attacks are a type of session hijacking: the attacker exploits conversations and data transfers between two parties.
In the last decade, several organizations have been hit by this type of attack. Detecting MITM attacks is difficult, but they are preventable.
In this article, learn more about how MITM attacks work and ways to prevent them.
What is Man in the Middle Attack?
A Man in the Middle attack is a form of cyber eavesdropping in which hackers insert themselves into the communication between a source and a destination.
Cybercriminals essentially act as “middlemen” between the sender and the receiver. Hence the name “Man-in-the-Middle Attack.”
In simple terms, Man in the Middle Attack can be described as “a third person listening to a conversation between two people in the middle of a communication channel.”
The hacker must remain invisible to the victim for a MITM attack to be successful.
The purpose of the interception is to either steal, eavesdrop, or modify the data for malicious purposes, such as extorting money.
Types of Man in the Middle Attack
MITM attacks fall into two stages:
- Interception - the attacker captures data before it reaches the destination
- Decryption - the attacker reads or alters the data at the destination without the receiver noticing
1. Interception
In the interception stage, the attack takes place in the middle of the conversation or data transfer.
1.1. ARP Spoofing
ARP spoofing changes the hardware address a device associates with the receiver by poisoning its ARP cache. This attack is performed on a local area network that uses the ARP protocol.
Because the receiver's address has been changed, the data transfer is redirected: confidential data sent by the user is delivered to the hacker instead.
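The symptom of ARP cache poisoning is observable on the wire: an IP address that suddenly maps to a different MAC address, or one MAC address claiming several IPs. The detection below is an added example (not code from the article) that runs over a constructed list of ARP replies; a real monitor would feed it from a packet capture or the host's ARP table. The addresses and the `known_gateways` parameter are assumptions for the demonstration.

```python
"""Detect ARP cache poisoning from a stream of ARP replies.

Added example, not from the article. Input is a constructed list of ARP
replies as (sender_ip, sender_mac) pairs in the order they were seen on the
wire; a real tool would read these from a capture or the host's ARP table.
"""
from collections import defaultdict

# Constructed sample: the gateway 192.168.1.1 is first seen at one MAC, then a
# second host starts answering for the same IP (and for a client) with its own MAC.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.20", "aa:bb:cc:00:00:14"),  # client
    ("192.168.1.21", "aa:bb:cc:00:00:15"),  # client
    ("192.168.1.1", "aa:bb:cc:00:00:99"),   # gateway IP now claimed by another MAC
    ("192.168.1.20", "aa:bb:cc:00:00:99"),  # same MAC also claims the client IP
]


def detect_arp_conflicts(replies, known_gateways=frozenset()):
    """Return a list of alert strings for suspicious ARP replies.

    Two signals are checked:
      * an IP whose MAC changes from what was first learned (the classic
        poisoning symptom, most serious when the IP is a gateway);
      * a single MAC that claims more than one IP (an attacker answering for
        both the gateway and a client in order to sit between them).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is None:
            ip_to_mac[ip] = mac                      # first time we learn this IP
        elif previous != mac:
            severity = "HIGH" if ip in known_gateways else "MEDIUM"
            alerts.append(f"{severity}: {ip} changed from {previous} to {mac}")
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                claimed = sorted(mac_to_ips[mac])
                alerts.append(f"MEDIUM: {mac} claims multiple IPs {claimed}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES, known_gateways={"192.168.1.1"}):
        print(alert)
```

The first learned mapping is trusted, so the check should be seeded from a known-good state (for example a static entry for the gateway) rather than from whatever reply happens to arrive first after the monitor starts.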
1.2. IP Spoofing
Devices send and receive data in the form of IP packets. The header in these IP packets contains the address of the destination.
IP Spoofing involves creating IP packets with a modified source address, hiding the sender’s identity.
In IP Spoofing, hackers attempt to divert traffic to a fraudulent website. It causes the user to send information to the wrong address unknowingly.
1.3. DNS Spoofing
In DNS spoofing, hackers alter Domain Name System (DNS) records to redirect traffic to a fraudulent site.
As a result, the name server returns an incorrect IP address.
A victim unknowingly visits the fake website on which hackers will attempt to steal their information.
2. Decryption
In the decryption stage, the Man in the Middle attack happens at the receiver's end. It is carried out before the message reaches the user.
2.1. SSL Hijacking
HTTPS is a primary safeguard against ARP or DNS spoofing.
To get around it, hackers use the SSL hijacking technique: they pass forged authentication keys to both the user and the application during a TCP handshake.
They then rewrite the user's HTTPS address requests to their HTTP equivalents.
The result looks like a secure connection when, in fact, the man in the middle controls the entire session.
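Stripping a session down to plain HTTP only works if the client is willing to continue without TLS, which is why browsers honour the Strict-Transport-Security (HSTS) header. The audit below is an added example (not the article's code) that runs over constructed redirect chains as an HTTP client would record them: it flags any hop that drops from HTTPS to HTTP, any session that ends on plaintext, and any HTTPS response that fails to set a strong HSTS policy. The hostnames and header values are constructed.

```python
"""Audit an HTTP client's redirect chain for HTTPS-to-HTTP downgrades and HSTS.

Added example, not from the article. Each hop is (url, status, headers) with
lower-cased header names, as a client would record them; the chains below are
constructed to show a healthy upgrade and a stripped (plaintext) session.
"""
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # max-age (seconds) commonly required for HSTS preload lists


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value (RFC 6797 directives)."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "max-age" and val.isdigit():
            policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def audit_chain(hops):
    """Return a list of findings; an empty list means the chain looks healthy."""
    findings = []
    previous_scheme = None
    for url, _status, headers in hops:
        scheme = urlsplit(url).scheme.lower()
        if previous_scheme == "https" and scheme == "http":
            findings.append(f"downgrade to plaintext at {url}")
        if scheme == "https":
            hsts = headers.get("strict-transport-security")
            if hsts is None:
                findings.append(f"{url} sets no HSTS header, so a later visit can be stripped")
            elif (parse_hsts(hsts)["max_age"] or 0) < ONE_YEAR:
                findings.append(f"{url} sets a short HSTS max-age")
        previous_scheme = scheme
    if previous_scheme == "http":
        findings.append(f"session ended on plaintext HTTP: {hops[-1][0]}")
    return findings


# Constructed chains (placeholder host shop.example).
HEALTHY_CHAIN = [
    ("http://shop.example/", 301, {"location": "https://shop.example/"}),
    ("https://shop.example/", 200,
     {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"}),
]
STRIPPED_CHAIN = [  # the intermediary never lets the client reach HTTPS
    ("http://shop.example/", 200, {"content-type": "text/html"}),
]

if __name__ == "__main__":
    print("healthy:", audit_chain(HEALTHY_CHAIN))
    print("stripped:", audit_chain(STRIPPED_CHAIN))
```

Note that the stripped chain contains no redirect at all: the tell-tale sign is the absence of the upgrade, not a visible downgrade, which is why the audit also reports a session that simply ends on HTTP.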
2.2. HTTPS Spoofing
A legitimate HTTPS address cannot be duplicated, so the hacker instead registers a similar-looking web address that appears authentic.
This method is also called a "homograph attack".
The visitor unknowingly enters data into the fake website.
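A homograph hostname can be caught before a user ever types into it, using the same signals browsers apply to international domain names: a label that mixes scripts, or a name that, once its look-alike characters are mapped back to Latin, matches a known legitimate host. The check below is an added example (not the article's code); the allowlist and the small Cyrillic-to-Latin confusable table are constructed for the demonstration, and a real deployment would use the full Unicode confusables data.

```python
"""Flag look-alike (homograph) hostnames before trusting them.

Added example, not from the article. The allowlist and the confusable map
are constructed; the Unicode consortium's confusables.txt is the real source.
"""
import unicodedata

ALLOWED_HOSTS = {"example.com", "apple.com"}  # constructed allowlist of legitimate hosts

# Constructed, deliberately small confusable map: Cyrillic letters that render
# like Latin ones (U+04CF is the palochka that renders like a lowercase L).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0458": "j", "\u04cf": "l",
}


def to_unicode(host):
    """Decode any punycode (xn--) labels so the display form can be inspected."""
    if any(label.startswith("xn--") for label in host.split(".")):
        return host.encode("ascii").decode("idna")
    return host


def skeleton(host):
    """Map confusable characters to the Latin letters they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def label_scripts(label):
    """Set of script names (first word of the Unicode character name) for letters."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if unicodedata.category(ch).startswith("L")}


def assess_hostname(raw):
    """Return (verdict, reason); verdict is 'ok' or 'suspicious'."""
    try:
        host = unicodedata.normalize("NFC", to_unicode(raw.strip().rstrip("."))).lower()
        ascii_form = host.encode("idna").decode("ascii")   # wire form, as a browser sends it
    except UnicodeError:
        return "suspicious", f"{raw!r} is not a valid IDNA hostname"
    if ascii_form in ALLOWED_HOSTS:
        return "ok", f"{ascii_form} is on the allowlist"
    for label in host.split("."):
        if len(label_scripts(label)) > 1:
            return "suspicious", f"label {label!r} mixes scripts ({ascii_form})"
    look_alike = skeleton(host)
    if look_alike != host and look_alike in ALLOWED_HOSTS:
        return "suspicious", f"{ascii_form} renders like {look_alike}"
    return "ok", f"{ascii_form} shows no homograph signals"


if __name__ == "__main__":
    for candidate in ("apple.com", "ex\u0430mple.com", "\u0430\u0440\u0440\u04cf\u0435.com"):
        print(candidate, "->", assess_hostname(candidate))
```

The punycode form is what certificate authorities and DNS see, so a valid HTTPS certificate for the look-alike name is entirely possible; the padlock alone does not rule out a homograph, which is why the display-form checks above matter.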
2.3. BEAST Attack
BEAST is short for Browser Exploit Against SSL/TLS. In the BEAST attack, a specially crafted data block is injected into the data transfer to gain access to it.
The BEAST attack lets a man-in-the-middle attacker decrypt the encrypted information.
How does the Man in the Middle Attack Work?
A Man-in-the-Middle attack works by exploiting vulnerabilities in the network, the web application, the browser, or the server operating system.
Here is the basic sequence of a Man in the Middle attack:
- Person A sends Person B a message.
- The MITM attacker intercepts the message without Person A's or Person B's knowledge.
- The MITM attacker changes or removes the message content without Person A's or Person B's knowledge.
Man in the Middle Attack can be completed in three ways:
- Accessing personal information by decrypting the conversation.
- Redirecting users to unsafe and unencrypted websites.
- Decrypting the victim’s encrypted data and using it for malicious purposes.
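The third step of the sequence above, silently changing the message content, only succeeds when the receiver has no way to tell a modified message from the original. The following added example (not the article's code) shows the standard defence: Person A attaches an HMAC tag under a key shared with Person B, the intermediary edits the text in transit, and B's verification rejects it. A sequence number in the tagged payload also lets B reject a replayed message. The shared key and message contents are constructed; in practice TLS provides this integrity protection, together with confidentiality, for the whole session.

```python
"""Show why an intermediary cannot silently alter an authenticated message.

Added example, not part of the article. Person A and Person B share a secret
key (constructed here); A attaches an HMAC-SHA256 tag, the man in the middle
edits the message in transit, and B's verification rejects it.
"""
import hashlib
import hmac
import json
import secrets


def _canonical(body):
    # Deterministic encoding so both sides tag exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(key, sender, recipient, text, seq):
    """Build a message whose tag covers sender, recipient, sequence number and text."""
    message = {"from": sender, "to": recipient, "seq": seq, "text": text}
    message["tag"] = hmac.new(key, _canonical(message), hashlib.sha256).hexdigest()
    return message


def verify(key, message, last_seq):
    """Return (ok, reason). Rejects altered/forged content and replayed messages."""
    tag = message.get("tag")
    body = {k: v for k, v in message.items() if k != "tag"}
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    if tag is None or not hmac.compare_digest(tag, expected):   # constant-time compare
        return False, "tag mismatch: message was altered or forged"
    if message["seq"] <= last_seq:
        return False, "stale sequence number: possible replay"
    return True, "authentic"


def demo():
    """Run the A -> MITM -> B scenario and return the three verification results."""
    key = secrets.token_bytes(32)                       # constructed shared secret
    original = seal(key, "A", "B", "Transfer 100 to account 12345", seq=1)
    intercepted = dict(original)                        # the man in the middle edits the text
    intercepted["text"] = "Transfer 100 to account 99999"
    fresh = verify(key, original, last_seq=0)           # B receives the real message
    tampered = verify(key, intercepted, last_seq=0)     # B receives the edited copy
    replayed = verify(key, original, last_seq=1)        # the real message is sent again
    return fresh, tampered, replayed


if __name__ == "__main__":
    for label, result in zip(("original", "tampered", "replayed"), demo()):
        print(f"{label}: {result}")
```

The tag does not hide the message (an eavesdropper can still read it), which is why step one of the sequence, interception, needs encryption as well; what the tag guarantees is that any change made in transit is detected.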
Where do Man-in-the-Middle Attacks happen?
Man in the Middle attacks in cloud computing happen through loopholes in your system.
There are several such loopholes in the communication chain:
- Web Server
- Public Networks
- Computer system & Browser
1. Web Server
A weak web server does not validate traffic effectively and is therefore the most vulnerable point for Man in the Middle attacks.
2. Public Networks
Most hackers use public Wi-Fi access points to breach systems, because it is easier to gain access to your device through a public Wi-Fi access point.
A weak router cannot stop unauthorized access, and hackers use weak routers to enter the communication channel.
3. Computer System & Browser
Vulnerable systems are easy targets for MITM attacks. Outdated web browsers do not have the latest security updates.
Hackers can install malware on outdated systems and browsers to execute MITM attacks.
Preventive Tips for Man in the Middle Attack
1. Virtual Private Network
Use a Virtual Private Network (VPN) between client and server for secure connections. A VPN encrypts your data transfer against Man in the Middle attacks and prevents unauthorized diversion of traffic.
2. Firewall
A firewall prevents MITM attacks by allowing only authorized traffic. Firewalls filter traffic from unsecured sources to prevent Man in the Middle attacks.
3. Two-factor Authentication
Two-factor authentication is a two-step security system that requires an additional form of identification beyond the username and password. Two-factor authentication ensures data privacy and prevents several kinds of Man in the Middle attacks.
4. Network Monitoring
Deploy network monitoring and intrusion detection tools to analyze traffic. Intrusion detection tools raise an alert whenever a MITM intrusion is detected.
5. SSL/TLS
Always use SSL/TLS protocols for communication. These protocols provide data integrity and privacy against MITM attacks.
6. HTTPS
SSL and TLS provide the encrypted communication in HTTPS. It is difficult for an intruder to perform a MITM attack on HTTPS websites.
7. DNS over HTTPS
DNS is a network protocol that maps domain names to IP addresses. Use DNS over HTTPS to encrypt your DNS requests against DNS hijacking.
A DNS resolver can also perform content filtering to block malware-based Man in the Middle attacks.
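What DNS over HTTPS actually changes is the transport: the same wire-format DNS message that would otherwise travel in a plaintext UDP packet is carried inside an HTTPS request, so a device on the path can neither read the query nor substitute an answer. The added example below (not the article's code) builds that wire-format query, forms the GET URL defined by RFC 8484, and parses a constructed reply of the kind a resolver returns. The resolver URL is the placeholder used in the RFC, and the answer address 192.0.2.1 is from the documentation range; sending the request is left to an HTTPS client that verifies the resolver's certificate.

```python
"""Build an RFC 8484 DNS-over-HTTPS query and parse a DNS reply.

Added example, not from the article. The resolver URL is the placeholder used
in RFC 8484 and the sample reply is constructed; no network access is needed.
"""
import base64
import struct


def build_query(name, qtype=1):
    """Encode a DNS query in wire format (RFC 1035); ID 0 as RFC 8484 recommends."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)  # RD flag set, one question
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def doh_get_url(resolver_url, name):
    """Form the RFC 8484 GET URL: the query as base64url without '=' padding."""
    token = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={token}"


def _read_name(data, off):
    """Read a (possibly compressed) domain name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                    # compression pointer
            if not jumped:
                end = off + 2                        # resume after the 2-byte pointer
            off = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(resp):
    """Return [(name, ttl, ip)] for A answers in an application/dns-message reply."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qdcount):                         # skip the echoed question
        _, off = _read_name(resp, off)
        off += 4
    answers = []
    for _ in range(ancount):
        name, off = _read_name(resp, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", resp[off:off + 10])
        off += 10
        rdata = resp[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers


# Constructed reply: flags 0x8180 (response, RD, RA), one question, one A answer
# whose owner name is a pointer to offset 12, TTL 3600, address 192.0.2.1.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + build_query("www.example.com")[12:]
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(doh_get_url("https://dnsserver.example.net/dns-query", "www.example.com"))
    print(parse_a_records(SAMPLE_RESPONSE))
```

The URL the block produces is the one shown in RFC 8484's GET example, which makes it a convenient check that the encoding is right; the request must be sent with an `accept: application/dns-message` header over a TLS connection whose certificate is verified, otherwise the "over HTTPS" part gives no protection.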
8. Latest Update
Keep your systems updated to the latest version. Software updates improve security and enhance performance. Security patches protect you from cyber threats.
9. Educate Employees
Provide security awareness training to employees.
- Create a security strategy with clearly defined roles and responsibilities
- Use a password vault for secret information
- Integrate automatic password rotation
- Enable two-factor authentication for all external services
The Man in the Middle attack is an ever-present threat. Exploits and vulnerabilities open the door to Man in the Middle attacks.
This article showed some of the common techniques hackers use to create the Man in the Middle Attack and how to prevent them.