Successful MITM attacks gain the trust of communicating parties by impersonating a trusted website and eavesdropping on secure conversations. Access to SSL/TLS keys and certificates facilitates MITM attacks, and unsecured or lightly protected wireless access points are often exploited for entry.
There are several ways a bad actor can break the trust SSL/TLS establishes and launch a MITM attack. For example, a website’s server key could be stolen, allowing the attacker to appear as the server. In some cases, the issuing Certificate Authority (CA) is compromised, and the root key is stolen, so criminals can generate their own certificates signed by the stolen root key.
MITM can also result from a client's failure to validate the certificate against trusted CAs, or when a client is compromised and a fake CA is injected into the client's trusted root store. In many MITM attacks, malware performs this action to redirect users to fake banking websites, where sensitive information can be easily stolen.
For enterprises, MITM attacks misuse trust to steal intellectual property and sensitive personal information, and they damage an organization's reputation. For highly regulated industries like healthcare and finance, these attacks can also result in costly penalties. To remediate these exploits, organizations need to identify and revoke all certificates used on impacted servers, create new keys for those certificates, and verify that the new keys and certificates are actually in use.
SSL generally prevents man-in-the-middle (MITM) attacks. During an attempt at a MITM attack, a hacker tries to intercept your data stream. They might set up a listening computer in a coffee shop, for example, to secretly force information to pass through it instead of directly between your computer and a website server.
But SSL encrypts the data being sent. That means that even if someone is able to listen in on the data stream, the encrypted data is not readable by them.
When it works as intended, SSL prevents data from being stolen or manipulated countless times every day by creating secure connections between client computers and web servers.
Of course, thieves steal, and some of them steal decryption keys, which at times lets them get around SSL or exploit an SSL vulnerability, as we have written about elsewhere. But remember that far more often, SSL prevents data theft.
Expired certificates either cause unplanned system outages or open a door through which hackers can enter your network, or both. An SSL/TLS session that uses an expired certificate should not be trusted. Accepting an expired certificate makes users vulnerable to man-in-the-middle (MITM) attacks. To remediate this issue, all expired certificates should be identified and removed from servers.
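The two client-side failures described above (a client that does not validate the certificate against trusted CAs, and a client that accepts an expired certificate) can both be checked in code. The following is an added example written for this page, not code from the original article or any product; it uses only Python's standard `ssl` module. The `SAMPLE_PEERCERT` and `SAMPLE_CA_CERTS` dicts are constructed to mirror the shapes returned by `SSLSocket.getpeercert()` and `SSLContext.get_ca_certs()`, and the CA names, the `bank.example` host and the 30-day warning window are assumptions for illustration. It shows a hardened client context beside the weak "accept anything" pattern, a trust-store audit that flags a root CA nobody approved, and an expiry audit of the kind the remediation step above calls for.

```python
import ssl
import time

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert()
# (a real socket returns this dict only after the chain has already been
# verified against the context's trust store).
SAMPLE_PEERCERT = {
    "subject": ((("commonName", "bank.example"),),),      # assumed host
    "issuer": ((("commonName", "Example Root CA"),),),    # assumed CA name
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "serialNumber": "0123456789ABCDEF",                    # constructed value
}

# Constructed sample in the shape returned by SSLContext.get_ca_certs():
# two roots an organisation would approve plus one it never did.
SAMPLE_CA_CERTS = [
    {"subject": ((("commonName", "Example Root CA"),),)},
    {"subject": ((("commonName", "Example Root CA 2"),),)},
    {"subject": ((("commonName", "Totally Legit Updater CA"),),)},
]

DAY = 86400


def hardened_client_context():
    """Client context that enforces chain validation and hostname matching."""
    ctx = ssl.create_default_context()          # loads the platform trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True                   # already the default; made explicit
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def weak_client_context():
    """The 'it just works' pattern: accepts any certificate, including a MITM's."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                  # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_is_safe(ctx):
    """True only if the context verifies the chain AND the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def common_name(entry):
    """Extract commonName from the nested subject tuples used by the ssl module."""
    for rdn in entry.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def find_unexpected_roots(ca_certs, approved_names):
    """Return CA commonNames present in the store but not on the approved list."""
    return sorted(
        name for name in (common_name(c) for c in ca_certs)
        if name is not None and name not in approved_names
    )


def audit_peercert(cert, now=None, warn_days=30):
    """Validity findings for one getpeercert()-style dict at epoch time `now`."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (not_after - now) / DAY
    return {
        "subject": common_name(cert),
        "expired": now > not_after,
        "not_yet_valid": now < not_before,
        "days_left": round(days_left, 1),
        "expiring_soon": 0 <= days_left <= warn_days,
    }


if __name__ == "__main__":
    print("hardened context safe:", context_is_safe(hardened_client_context()))
    print("weak context safe:    ", context_is_safe(weak_client_context()))
    print("unexpected roots:", find_unexpected_roots(
        SAMPLE_CA_CERTS, {"Example Root CA", "Example Root CA 2"}))
    print("peer cert audit:", audit_peercert(SAMPLE_PEERCERT))
```

In a real deployment `audit_peercert` would be fed the dict from `sock.getpeercert()` after a handshake made with `hardened_client_context()`, and `find_unexpected_roots` would be fed `ctx.get_ca_certs()` against the list of roots the organisation actually sanctioned; a root on the machine that is on no such list is exactly the injected fake CA the text describes. Note that the weak context is the one to look for in code review: once `verify_mode` is `CERT_NONE`, the encryption still happens, but it happens with whoever answered the connection.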