How To Protect Your SMB From a MitM Attack

Business Email Compromise (BEC)

The FBI calls BEC "The $55 Billion Scam." The FBI states that "the BEC scam continues to target small local businesses to larger corporations." In total, 158,436 US victims have lost almost $21 billion. That averages around $132,000 in losses per incident. This amount concurs closely with research from the Anti-Phishing Working Group (APWG), which found that the average amount requested in a wire transfer during a BEC attack is $128,980.

Data Breach and Noncompliance Fines

MitM attacks are about stealing data in all its forms. They can often be a prelude to much larger data breaches. Attackers use stolen login credentials to gain access to databases and other data repositories. The resulting noncompliance fines can be large. For example, PCI-DSS noncompliance fines can range from $5000 to $100,000 per month, depending on the violation.

Reputation Damage

MitM and follow-on cyberattacks can cause reputational damage as trust in the company is impacted. This can cause major financial damage, with 75% of consumers refusing to deal with a business that has suffered from a security breach.

Fraud

Account Takeover and fraud cost an SMB over $16,000, and over half of businesses (54%) never recover their losses.

Rogue Wi-Fi Hotspots

Cybercriminals create spoof Wi-Fi hotspots to trick people into communicating through rogue Wi-Fi. Often, these malicious Wi-Fi networks have legitimate-sounding names, similar to popular networks. If the user connects to the rogue Wi-Fi, any communications they perform using this network, like sending an email, will be intercepted. As long as the person is using the spoofed Wi-Fi, the attacker will be able to monitor activity and steal data. Some rogue Wi-Fi attacks allow attackers to install malware on the device.

ARP Spoofing

The communication protocol, Address Resolution Protocol (ARP), translates the link-layer address (e.g., MAC address) to the Internet Protocol (IP) address on the local network.

A MitM attack that uses the ARP tricks a victim's computer into believing the hacker's computer is the network gateway. This allows the attacker to intercept all traffic between the victim's computer and the network, providing them with the data they need to carry out a cyberattack.

DNS Spoofing

Domain Name Servers (DNS) are an essential part of the modern internet. A DNS maps memorable domain names to IP addresses. Attackers can intercept internet traffic, redirecting legitimate traffic to phishing websites. These websites are branded to look like well-known brands such as Microsoft 365. The attackers use these spoof sites to steal login credentials and other data.

Cookie Hijacking

A web browser may store website information in a session cookie to help with a better user experience. If a MitM attacker can gain access to the session cookies in a user's web browser, they can use them to impersonate that user or steal the information inside the cookie. This information can include passwords, financial information, etc.

Secure Sockets Layer (SSL) Hijacking

SSL is an earlier form of the Transport Layer Security (TLS) protocol, which is essential for online security. Websites that have HTTPS at the beginning of their URL use SSL or TLS to encrypt internet traffic. MitM attackers can hijack SSL connections because this older protocol has security vulnerabilities. As the more secure TLS protocol replaces SSL, this type of MitM is becoming less prevalent.

IP Spoofing

Like DNS spoofing, IP spoofing diverts internet traffic to a spoof website by modifying the fraudulent site's IP address to make it look like the IP address of a legitimate website.

Email Hijacking

Email hijacking describes the takeover of critical accounts, such as email or application accounts. Once an attacker has control of the account, they can use it to carry out fraudulent activities, including phishing other users. This form of MitM replies to social engineering and the manipulation of behavior.

Dark Web Monitoring

Protection begins with understanding what you are up against and the security risk to your business. Dark web monitoring tools dig deeply into the dark web to find evidence that attackers are targeting your company and brand. They also locate any company data available on the dark web that may be used to target your company in MitM attacks.

Robust Passwords

Enforce the use of strong passwords that make it difficult for hackers to brute force user passwords.

Passwordless Authentication

Passwordless authentication avoids using a password to log in to an account. Instead, various other methods, like a fingerprint or facial biometric, are used. This helps to prevent specific MitM attacks that hijack email accounts.

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a standard best practice where additional login credentials are requested during login, such as a code received on a mobile device. However, hackers are increasingly finding novel ways to bypass MFA; instead, MFA should be used to reduce risk.

Virtual Private Network (VPN)

A VPN encrypts internet traffic; if a hacker intercepts traffic during a MitM attack, the data will be unreadable and unusable.

HTTPS

HTTPS at the front of a URL, e.g., https//www.mycompany.com, shows that the site is secured using digital certificates. These certificates encrypt traffic and demonstrate that the certificate issuer has checked a company. However, these checks are not always comprehensive. Increasingly, spoof websites appear legitimate, with over three-quarters of phishing websites using HTTPS.

Encrypted Communications

Any exchange of sensitive or proprietary data over the internet should be encrypted. VPNs and HTTPS can help secure data, but other methods like end-to-end email encryption reduce the chance of a successful MitM attack.

WEP/WAP Encryption on Access Points

Encrypting wireless access points helps to prevent brute force and interception of internet traffic.

Security Awareness Training

Employees should be educated about the risks of MitM attacks and how to stay safe, especially when working remotely. Training employees to identify phishing attempts can help reduce the likelihood of MitM attacks. Cyber hygiene training, such as logging out of apps, secure Wi-Fi use, and robust password creation, is a must for developing a culture of security that protects your business and its employees.