Man-in-the-middle (MITM) attacks have been one of the most notorious cyber threats facing enterprises for years. They are difficult to combat because the attacker sits silently between the two parties and relays their traffic, so neither end of the connection notices that anything is wrong.
Detection is therefore key. Researchers from Facebook and Carnegie Mellon University have joined forces to build a system that security professionals, and even regular Internet users, can use to detect man-in-the-middle attacks on SSL connections.
The technique itself is not new, having been under development for some time, but Facebook was able to test it on its own site and concluded that it could be applied to other large organizations as well. During the experiment the system identified 6,845 tampered certificates among more than 3 million SSL connections.
Man-in-the-middle attacks have long been known to target corporate data, so it was not surprising when the Facebook and Carnegie Mellon researchers found that the majority of the incidents involved commercial organizations. Governments and financial institutions were not spared either.
An MITM attack redirects Web traffic through a server the attacker controls so that data can be read or altered in transit before it reaches the recipient; in the case studied here it takes place between a Web server and a browser. Even when the connection between the two endpoints is protected by SSL, that is, encrypted, an attacker can insert itself by presenting the browser with a forged certificate for the site. If the browser accepts that certificate, either because a rogue certificate authority has been added to the machine's trust store or because the user clicks through the warning, the attacker can decrypt, inspect and re-encrypt everything that passes through.
To spot tampered certificates, the researchers served Web pages to a subset of Facebook users that included a small Flash applet. Browsers do not let a page inspect the certificate they received, so the applet opened its own socket connection to the site, read the certificate chain presented during the SSL handshake and reported it back to the researchers' server, where it could be compared with the certificates Facebook actually serves.
IT security departments will be most interested in this method as a way to monitor for man-in-the-middle attacks against users of their corporate websites. It can also help protect stakeholders within an organization by confirming that internal traffic between employees is not being tampered with.
The research also revealed risks associated with anti-virus products installed on computers or cloud platforms. Many of these products act as proxies for the machine's Internet traffic, inspecting HTTPS by presenting their own certificates in place of the site's, and they are themselves sometimes vulnerable to attack. Once the anti-virus software substitutes its certificate for the one the site sent, the browser can no longer authenticate the site's real certificate; it is left trusting the anti-virus product to have done that check correctly.
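The comparison the researchers' server would have to perform, covering both the detection method described above and the anti-virus and proxy cases just mentioned, is illustrated by the following added example. It is constructed for this article and is not Facebook's or the paper's code: it assumes each client report carries the SHA-256 fingerprint and issuer name of the leaf certificate the client saw, and the genuine certificate bytes, issuer patterns and sample reports are all made up. The key point it shows is that a certificate is forged whenever the site never issued it, even if the client's browser trusted the issuer.

```python
import hashlib
from collections import Counter

# Constructed stand-ins for the DER bytes of the certificates the site
# genuinely serves (a site may have several valid at once, e.g. during a
# key rotation). In reality these would be the site's real DER files.
GENUINE_DER = [
    b"constructed DER for www.example.com, certificate A",
    b"constructed DER for www.example.com, certificate B",
]


def fingerprint(der: bytes) -> str:
    """Lower-case hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


EXPECTED_FINGERPRINTS = {fingerprint(der) for der in GENUINE_DER}

# Issuer-name fragments that identify commodity interception software.
# Constructed for this example; a real list is built from observed data.
ANTIVIRUS_MARKERS = ("Personal Root CA", "Antivirus Web Shield")
PROXY_MARKERS = ("Corporate Proxy", "Gateway CA")


def classify(report: dict) -> str:
    """Classify one client report.

    Returns 'genuine', 'antivirus', 'corporate_proxy', 'unknown_forged'
    or 'malformed'. Any fingerprint the site did not issue is a forgery,
    regardless of whether the client's trust store accepted the issuer:
    that is exactly the case a browser-side validity check misses.
    """
    fp = report.get("leaf_sha256")
    issuer = report.get("issuer") or ""
    if not isinstance(fp, str) or len(fp) != 64:
        return "malformed"
    if fp.lower() in EXPECTED_FINGERPRINTS:
        return "genuine"
    if any(marker in issuer for marker in ANTIVIRUS_MARKERS):
        return "antivirus"
    if any(marker in issuer for marker in PROXY_MARKERS):
        return "corporate_proxy"
    return "unknown_forged"


def summarize(reports):
    """Count categories and return (counts, number of forged connections)."""
    counts = Counter(classify(r) for r in reports)
    forged = sum(n for cat, n in counts.items()
                 if cat not in ("genuine", "malformed"))
    return counts, forged


# Constructed sample reports, as a client-side applet might send them.
SAMPLE_REPORTS = [
    {"leaf_sha256": fingerprint(GENUINE_DER[0]), "issuer": "CN=Example Public CA"},
    {"leaf_sha256": fingerprint(GENUINE_DER[1]).upper(), "issuer": "CN=Example Public CA"},
    {"leaf_sha256": "11" * 32, "issuer": "CN=SomeAV Personal Root CA"},
    {"leaf_sha256": "22" * 32, "issuer": "CN=Acme Corporate Proxy"},
    {"leaf_sha256": "33" * 32, "issuer": "CN=www.example.com"},  # self-signed look-alike
    {"leaf_sha256": None, "issuer": "CN=garbled"},
]

if __name__ == "__main__":
    counts, forged = summarize(SAMPLE_REPORTS)
    for category, n in sorted(counts.items()):
        print(f"{category:16s} {n}")
    print(f"forged connections: {forged}")
```

Matching on the fingerprint of the served certificate, rather than asking whether the observed chain validates, is what lets the site operator catch a certificate that a rogue or locally installed CA has made the browser accept. The issuer markers only label the forgery afterwards; they never make it legitimate.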