An adversary-in-the-middle attack is a form of man-in-the-middle attack in which the “adversary” does not merely eavesdrop but uses the intercepted data to impersonate the user directly. This makes it possible to bypass the login step and enter accounts straight away.
Adversary-in-the-middle attack definition
The adversary-in-the-middle attack (AitM) is classified as phishing. The attackers are after data that they can use to gain access to accounts, and their specific target is session cookies. Cookies are small pieces of data stored on the computer or in the browser that allow a website to recognize a returning user, so that access data does not have to be re-entered on every visit. This makes it easier for users to stay logged in to their favorite websites, but it also poses a risk to data protection, because whoever holds the cookie holds the session. The adversary-in-the-middle attack targets exactly this data: attackers place themselves between the user and the website, intercept the data and then impersonate the user on the website. In this way, they gain access to the accounts without any additional login.
Adversary-in-the-middle attack: procedure
The adversary-in-the-middle attack runs via a proxy server that the attacker positions between the user and the website. When the user logs on to the website in question, the proxy server intercepts the login data, such as user name and password, and also saves the cookie issued for the session. The proxy server thus holds everything required to log on to the website together with the status of the session. Because the cookie carries the session data, the website remembers that this user has already logged in and no longer asks for authentication. This makes it possible for attackers to enter the website directly and steal further data or carry out actions there, for example purchases in an online store with the user’s data.
Effects of and protection against AitM
An adversary-in-the-middle attack is a phishing attack, so its first effect is stolen data. The further consequences of this theft depend on the type of website in question. As already mentioned, attackers can use the data from an online store to make purchases in the name and at the expense of the user. The impact is greater if company accounts are attacked: with access to a company’s internal data, attackers can cause damage of any scale, ranging from business interruptions to non-compliance with regulations, which in turn can result in large fines or other costs.

Multi-factor authentication (MFA) offers the best protection against an adversary-in-the-middle attack, provided it is an MFA that is itself protected against phishing. Otherwise, attackers use the intercepted data to bypass the MFA and it no longer has any effect. According to experts, up to 95 percent of MFAs in companies are circumvented by phishing. This is because many MFA systems send a single one-off security request that attackers can simply copy. A more phishing-proof MFA system changes the security prompt regularly, preventing attackers from intercepting and using the code. The REINER SCT Authenticator requests a new security code for authentication every 30 seconds, so users must enter the correct security code within those 30 seconds to log in successfully; otherwise the login fails.

AitM is a major threat to personal data and to the security of accounts on websites, whether private or business. A secure MFA system offers protection against an adversary-in-the-middle attack.
Conclusion
An adversary-in-the-middle attack is, so to speak, the next step up from a man-in-the-middle attack. Where the latter is about intercepting information, AitM aims at direct access to accounts, and with that access attackers are able to do just about anything they want. And that’s usually not a good thing. Protection against AitM comes from a good MFA system that is secure against phishing and puts an additional hurdle in the attackers’ way. Intercepted access data then remains safe, because the attackers cannot use it.