Adversary-in-the-middle attack: danger for all data

An adversary-in-the-middle attack is a form of man-in-the-middle attack in which the “adversary” uses the intercepted data to impersonate the user directly. This makes it possible to bypass logins and log directly into accounts.

Adversary-in-the-middle attack definition

The adversary-in-the-middle (AitM) attack is classified as a form of phishing. The attackers are after data that they can use to gain access to accounts.

The specific target of the adversary-in-the-middle attack is the session cookie. Cookies are data stored on the computer or in the browser that ensure that we do not have to re-enter our access data each time we visit a website.

This makes it easier for users to stay on their favorite websites. However, it also poses a risk to data protection. The adversary-in-the-middle attack targets this data.

Attackers place themselves between the user and the website, intercept the data and then impersonate the user on the website. In this way, they can access the accounts without a further login.

Adversary-in-the-middle attack: procedure

The adversary-in-the-middle attack runs via a proxy server. A hacker sets this up between the user and the website.

The proxy server intercepts the user’s login data such as name and password when the user logs on to the website in question. It also saves the cookie for the session. This means that the proxy server saves all the data required to log on to a website and the status of the session.

The cookie contains the session data. This means that the website remembers that the user has already logged in and therefore no longer asks for authentication. This makes it possible for attackers to log in directly to the website and steal further data or carry out actions there, for example purchases in an online store with the user’s data.
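A defender-side illustration of the cookie reuse described above, added here as an example and not taken from the original article: it scans web access logs for a session that is used by a different client than the one that established it. The log format, field names and sample lines are assumptions constructed for this example.

```python
import re

# Constructed log lines. "sid" is a truncated hash of the session cookie,
# never the cookie itself, so the log cannot be used to replay a session.
SAMPLE_LOG = '''\
2024-05-01T09:00:02Z sid=a1f3 ip=198.51.100.7 ua="Firefox/125 Windows" POST /login
2024-05-01T09:00:05Z sid=a1f3 ip=198.51.100.7 ua="Firefox/125 Windows" GET /account
2024-05-01T09:01:10Z sid=7c2e ip=203.0.113.20 ua="Safari/17 macOS" POST /login
2024-05-01T09:03:41Z sid=a1f3 ip=192.0.2.55 ua="Chrome/124 Linux" GET /account/orders
2024-05-01T09:03:59Z sid=7c2e ip=203.0.113.21 ua="Safari/17 macOS" GET /cart
2024-05-01T09:04:12Z sid=a1f3 ip=192.0.2.55 ua="Chrome/124 Linux" POST /checkout
this line is malformed and is skipped
'''

LINE_RE = re.compile(
    r'^(?P<ts>\S+) sid=(?P<sid>\S+) ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)" '
    r'(?P<method>[A-Z]+) (?P<path>\S+)$'
)

def find_session_reuse(log_text):
    """Return one finding per request whose client differs from the one that
    established the session. IP-only changes are reported as 'low' (mobile
    networks, NAT pools); a changed user agent is reported as 'high'."""
    first_seen = {}  # sid -> (ip, ua) of the first request in the session
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate malformed lines instead of aborting the scan
        sid, ip, ua = m["sid"], m["ip"], m["ua"]
        base_ip, base_ua = first_seen.setdefault(sid, (ip, ua))
        if ua != base_ua:
            severity = "high"
        elif ip != base_ip:
            severity = "low"
        else:
            continue  # same client as at session start
        findings.append({"sid": sid, "ts": m["ts"], "ip": ip,
                         "path": m["path"], "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_LOG):
        print(finding)
```

A "high" finding is a reason to invalidate the session server-side and require a fresh login, not proof of compromise on its own.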

Effects of and protection against AitM

An adversary-in-the-middle attack is a phishing attack. The first effect is therefore stolen data. The further consequences of this data theft depend on the type of website in question.

Attackers can use the data from an online store to make purchases in the name and at the expense of the user.

The impact can be greater if company accounts are attacked. Hackers can do a lot of damage with access to a company’s internal data, ranging from business interruptions to non-compliance with regulations. This can result in large fines or other costs.

Multi-factor authentication (MFA) offers the best protection against an adversary-in-the-middle attack. It is important that the MFA itself is protected against phishing. Otherwise, the intercepted data would allow hackers to bypass the MFA, which would then no longer have any effect.

According to experts, up to 95 percent of MFAs in companies are circumvented by phishing. This is because many MFA systems send a one-time security request that hackers can copy directly.

A phishing-proof MFA system changes the security prompt regularly and thus prevents hackers from intercepting and using the code. The REINER SCT Authenticator requests a new security code for authentication every 30 seconds. To log in successfully, users must enter the correct security code within 30 seconds. Otherwise a login is not possible.

AitM is a major threat to personal data and the security of accounts on websites, whether private or business. A secure MFA system offers protection against an adversary-in-the-middle attack.

Conclusion

An adversary-in-the-middle attack is the next step up from a man-in-the-middle attack, so to speak. Where a man-in-the-middle attack intercepts information, AitM targets direct access to accounts. With access to accounts, hackers are able to do just about anything they want. And that is usually not a positive thing.

Protection against AitM is provided by a good MFA system that is secure against phishing and creates an additional hurdle for hackers. This means that the intercepted access data is still secure, as hackers cannot use it.