Cybersecurity (cyber security) is a buzzword that seems to have appeared relatively quickly in the world of business IT.  If you search the term “cybersecurity” or “cyber security” on the BBC News website, there are currently 29 pages of articles from the last 2 years, but these are just the major ones that were deemed newsworthy.  

As cybersecurity technicians we reference the Common Vulnerabilities and Exposures (CVE) website which currently lists 166,798 vulnerabilities and this increases daily.  I know, that is a scary number of threats and it changes daily.

In this blog we are going to look at one of the most basic forms of attack which is called a man in the middle cyber attack. Despite being one of the oldest cybersecurity threats it is still widely used today and businesses of all sizes loose thousands of pounds as a result.

Our aim is to raise awareness of the dangers of common cybersecurity attacks that can immobilise businesses, we take a look at man in the middle attacks, how they work and how you can protect against them.

Watch The Man In the Middle Video

Watch the video below to find out more about how man in the middle attacks work.

 

Read Video Transcript

Behind the Hack – Man in the Middle

Every business wants to keep their valuable data safe, but sometimes, without help, it can be hard to identify or stop a breach that would be catastrophic for your business.

Right now our very own ethical hacker is going to show you an example hack that is used every day to get full access to business critical sensitive data and worst of all, he’ll even pretend to be you.

This is called a ‘Man in the Middle’ attack. In this exclusive example it’s instigated by a typical quarantined review email.

Our hacker has worked carefully to make sure it gets through to your main inbox, and looks completely legitimate, but wait, look, the URL has a slight spelling mistake most would miss. 

If you were to see that a message from a colleague has been caught in spam, you’d be compelled to click ‘review’ to find out more, this is called ‘Man in the Middle’ because, in this case there’s a log in portal that appears to be genuine but is actually fake and it’s sat right in between you and the real system you’re trying to access.

Again, there’s that tiny spelling mistake, so you enter your credentials, they get passed through and allow you normal access but at the same time, if we check our hackers machine, they’ve also collected your username and password.  Meaning whatever you can access, they can access.
Just imagine what they can now do… steal your client information, wipe your data and even email using your identity. 

Hackers are well known for resending invoices and asking payment details to be amended, stealing thousands.  All of this without you suspecting a single thing.  Potentially for days, weeks, even months until you finally change your password.

What Is a Man In the Middle Hack?

Also known as eavesdropping attacks, a man in the middle attack occurs when an attacker intercepts communications between two parties. The attacker then eavesdrops and, in most cases, impersonates one of the parties.

The ‘man in the middle’ is the hacker and they must remain undetected in order for the hack to work, often patiently gathering critical information before launching their attack.

How Does a Man In The Middle Attack Work?

When their target has been identified, hackers use methods such as phishing, IP spoofing, stealing browser cookies, creating fake login portals and sending legitimate looking scam emails to deceive the user into entering their login details.

When the hacker has access, they will usually monitor your systems and wait for the right time to strike.

For example, they may use your email address to email clients and ask them to update their payment information so they are instead paying their invoices to the hacker rather than your business.

How To Prevent Man In The Middle Attacks

With proper cyber security measures in place, your business is far less likely to be the victim of an attack. Here’s how you can protect yourself:

  • Train your staff to recognise fraudulent emails and scams.
  • Use email protection to reduce the chances of fraudulent emails getting into your inbox.
  • Use Multi Factor Authentication so that even with your password, the hacker cannot access your systems.
  • Ensure you change your passwords on a regular basis and don’t use the same password for more than one system.
  • Consider using a password management tool to improve the security of your passwords.
  • Use antivirus software to protect your machines and ensure all your software and hardware is kept up to date.
  • Use a professional cyber security provider.
  • Consider Cyber Essentials certification to protect against the most common forms of cyber attack.

Protect Your Business with Absolutely PC

Would your staff be able to spot a man in the middle attack and know what steps to take to prevent a breach occurring as a result?

With just one lapse of concentration, your entire business could be crippled by a cyber attack that costs thousands.

If you want to ensure your business is protected against man in the middle attacks and other forms of cyber attack, call us today on 0117 975 9523 or fill out a contact form and we will get back to you.

Other Posts for you to Enjoy

 

IT Security: Zero Day Attack – Take Action Now

A new zero day attack is in progress and it threatens all computer systems that have Microsoft Office installed. A simple piece of code will thwart this attack until Microsoft have had a chance to release a patch

Business IT Security – Using 2FA

Business IT security is often about doing the basics really well, like securing your accounts using 2FA. In this post find out why 2FA helps to keep your business cyber secure

WordPress Security – Attacks leave 1.6 million sites damaged

Are you confident that your WordPress website is secure? Yesterday, on the 9th of December 2021, 1.6 Million WordPress Sites were Hit With 13.7 Million Attacks In 36 Hours From 16,000 IPs. It’s safe to say this is a major concern to businesses everywhere. WordPress...

Ransomware – Behind the Hack [Video Guide]

How would your business react if you were locked out of every single file stored on any PC or cloud platform in your network, with the only way to free your data being to pay vast sums of money to a hacker? Well, ransomware does just that. Despite how crippling this...

Eternal Blue – Behind the Hack [Video Guide]

What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard? It’s not something out of action movie, what we’re describing...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

How To Fix Windows ‘PrintNightmare’ Vulnerability – Video

Microsoft is warning Windows users about a currently unpatched security flaw in the Windows Print Spooler service which is being actively exploited. Whilst waiting on a fix from Microsoft, Window's PCs are potentially vulnerable to be hacked whenever they are switched...

How to Protect your Business from Cybersecurity Threats

With UK small businesses targeted with 65,000 attempted cyber attacks per day, having robust measures to deal with cyber security threats is more important than ever. The recent attack on SolarWinds proves that no business is safe from hackers and that businesses both...

8.4 Billion Passwords Leaked In “RockYou2021” Hack – How To Protect Your Business

The largest password collection of all time was recently leaked onto a hacker forum, with an eye-watering 8,459,060,239 (8.4 billion) unique entries stored in a 100GB TXT file putting potentially billions of logins at risk.  Dubbed as ‘RockYou2021’ after the RockYou...

Business IT Security – Using 2FA

Business IT security is often about doing the basics really well, like securing your accounts using 2FA. In this post find out why 2FA helps to keep your business cyber secure

Eternal Blue – Behind the Hack [Video Guide]

What would you do if a hacker had access to all of your sensitive documents and data through a machine that they had exploited, with access to control your webcam as well as monitor the screen and keyboard? It’s not something out of action movie, what we’re describing...

Cyber Security Infographic

With cyber attacks becoming increasingly common for businesses of all sizes, it is critical that your organisation understands the most common types of cyber attack and what you can do to protect yourself. Take a look at our cyber security infographic which takes you...

Ransomware – Behind the Hack [Video Guide]

How would your business react if you were locked out of every single file stored on any PC or cloud platform in your network, with the only way to free your data being to pay vast sums of money to a hacker? Well, ransomware does just that. Despite how crippling this...

How to Protect your Business from Cybersecurity Threats

With UK small businesses targeted with 65,000 attempted cyber attacks per day, having robust measures to deal with cyber security threats is more important than ever. The recent attack on SolarWinds proves that no business is safe from hackers and that businesses both...

Another Cyber Security zero-day exploit

On 9th November Microsoft released a fix for Windows based computers that allowed an attacker to take control of your systems as an admin.  This was known as CVE-2021-41379 and was the latest in a series of cyber security issues involving Elevation of Privilege...

New Dark Web Monitoring Tool Available from Absolutely PC

How much of your business and personal data is available online? The results could surprise you. With small business in the UK alone targeted by up to 65,000 attempted cyber attacks per day, data breaches and leaks are becoming an increasingly common occurrence. Once...

New Password Management Tool Available from Absolutely PC

With cyber attacks on the rise and remote working becoming commonplace, now, more than ever - businesses need to keep on top of the security of their passwords or be at risk of suffering a costly data breach. A study by Verizon Data Breach Investigations found that...

IT Security: Zero Day Attack – Take Action Now

A new zero day attack is in progress and it threatens all computer systems that have Microsoft Office installed. A simple piece of code will thwart this attack until Microsoft have had a chance to release a patch