Attacker-in-the-Middle Attacks: How Safe Are You in Public Spaces?


Public Wi-Fi is everywhere – in cafés, airports, hotels, and more. 

It’s super convenient. 

But it also poses a huge cybersecurity risk, especially for businesses with remote workers, or team members who work in coffee shops and other public places.

When you connect to a public network, you might assume you’re securely linked to the internet. However, there’s always a risk that someone could be intercepting your connection without your knowledge.

This is known as an Attacker-in-the-Middle (AitM) attack.

In simple terms, it happens when a cybercriminal secretly inserts themselves between you and the service you’re trying to access. 

They can eavesdrop on your communication, steal sensitive data, or even alter the data being exchanged. 

All without you realising…

The 7 most common types of AitM attacks:

Evil Twin Attack

  • Attackers set up a fake Wi-Fi network that looks identical to a legitimate one. When victims connect, attackers can intercept their data.

Wi-Fi Eavesdropping

  • Data transmitted over unsecured or public Wi-Fi networks is intercepted by attackers.
  • Sensitive details, like passwords or payment information, can then be captured.

Session Hijacking

  • Cybercriminals steal session cookies to gain unauthorised access to online accounts. 
  • This method is often used to take over login sessions for email, social media, or banking.

DNS Spoofing/Poisoning

  • Attackers manipulate Domain Name System (DNS) records to redirect users to fake websites. 
  • Victims may unknowingly enter sensitive information on these malicious sites.

SSL Stripping

  • Attackers downgrade a secure HTTPS connection to an unencrypted HTTP connection, allowing them to intercept data while the victim remains unaware the connection is insecure.

Attacker-in-the-Browser (AitB)

  • Malware infects a browser to manipulate web sessions. 
  • This is commonly used to alter online transactions without the victim noticing.

ARP Spoofing

  • Attackers send fake Address Resolution Protocol (ARP) messages on a local network to associate their MAC address with the victim’s IP address.
  • This enables them to intercept or modify data on that network.

While this list of threats may seem a bit daunting, the good news is that you can protect yourself and your business.

Here are 3 actionable steps to help you stay secure:

Embrace Encryption 

Encryption scrambles your data so only the intended recipient can understand it. 

Even if a hacker intercepts your information, it will look like gibberish without the proper “key” to decode it.

Here’s how you can use encryption to stay secure:

1. Use Transport Layer Security (TLS) Protocols:

  • TLS (Transport Layer Security) protects data shared between your device and websites. It ensures only authorised parties can access the data and confirms the website’s legitimacy.
  • Always look for websites with TLS certificates (they’ll have “HTTPS” in the URL, not just “HTTP”). Make sure your employees know this!
  • Schedule regular audits for encryption methods to make sure they meet the latest security standards. 

Top Tip: Browser extensions can automatically enforce secure connections wherever possible. 

2. Put Virtual Private Networks (VPNs) Everywhere

A VPN acts like a secure tunnel for your internet connection, hiding your online activity and protecting sensitive data. 

Even on public Wi-Fi.

Tips for top security:

  • Choose trusted VPN providers with strong encryption (e.g. AES-256).
  • Require employees to use VPNs if they access company resources when working remotely.
  • Train employees to ALWAYS enable VPNs on public Wi-Fi (like in coffee shops or airports) to protect against any eavesdropping.

3. Strengthen Your Wi-Fi Security

Your company Wi-Fi network is basically a gateway to your data. And it must be secure. 

Make it your first priority…

Only authorised users should be able to connect to your network. 

  1. Start using WPA3 encryption for your corporate network. It’s the most secure Wi-Fi standard available today. (Avoid older standards like WPA2, which are becoming vulnerable to attacks.)
  2. Create stronger passwords. They should be at least 12-16 characters long and include a mix of upper and lowercase letters, numbers, and symbols.
  3. Change those passwords regularly (every 3-6 months) to limit access. Even if someone secretly gains access, they won’t have it for long.

Be mindful of former employees who may still have access to your network after they leave. If you don’t regularly update passwords, this could be a major problem. 

I’ve put together a whole post about unauthorised access and keeping privileges up-to-date for high-turnover companies, if you’re interested.

Next up: 

Secure Your Network 

To protect your business from cyber threats, it’s essential to have strong network security measures in place. 

Here are 3 network security strategies every business ought to know:

1. Network Segmentation

Think of your network as a building with different rooms. Network segmentation divides it into smaller, secure “zones”, each with its own access controls. 

This makes it much harder for hackers to move freely if they get in.

You should: 

  • Place critical systems like servers, databases, or financial records in their own isolated segments.
  • Limit access to these segments to authorised users or devices only.
  • For example, keep customer data or financial information in separate zones that only specific employees can access.

By separating your network, even if one part is compromised, the rest stays secure.

2. Regular Updates and Patching

Outdated software is an open door for hackers.

Updates and patches close those gaps by fixing vulnerabilities before they can be exploited.

What you can do:

  • Always keep software and hardware up-to-date.
  • Automate the process with tools that:
    • Alert you when updates are available.
    • Apply patches automatically to ensure no system is accidentally left exposed.

If you’re running a large network, these tools can save time and prevent oversights. 

Regular updates might seem small, but they’re a really powerful way to strengthen your defences.

3. Traffic Monitoring

Keeping an eye on network traffic can help you catch suspicious activity before it becomes a problem.

Tools like Intrusion Detection and Prevention Systems (IDPS) can help by:

  • Detecting unusual traffic patterns, like a surge of requests to a specific server.
  • Identifying attacks such as DNS spoofing (redirecting users to fake websites) or ARP spoofing (impersonating devices on your network).
  • Sending real-time alerts so you can act quickly.
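To show the kind of check an IDPS performs for the ARP spoofing described earlier, here is an added example (my own code, not from the original post or any product): it scans ARP reply records and raises an alert when an IP address changes its MAC binding or one MAC starts answering for several IPs. The log format and all addresses are constructed sample data.

```python
# Added example (not from the original post): a minimal ARP spoofing
# detector of the kind an IDPS runs. It watches ARP replies and flags any
# IP address whose advertised MAC address changes, or any MAC that
# suddenly claims more than one IP (typical of a gateway impersonation).
# The log lines below are constructed sample data, not captured traffic.
from collections import defaultdict

SAMPLE_ARP_LOG = """\
10:00:01 reply 192.168.1.1 is-at aa:bb:cc:00:00:01
10:00:02 reply 192.168.1.20 is-at aa:bb:cc:00:00:20
10:00:03 reply 192.168.1.21 is-at aa:bb:cc:00:00:21
10:00:09 reply 192.168.1.1 is-at aa:bb:cc:00:00:99
10:00:10 reply 192.168.1.20 is-at aa:bb:cc:00:00:99
"""

def parse_arp_line(line):
    """Return (timestamp, ip, mac) for a reply line, or None for other lines."""
    parts = line.split()
    if len(parts) != 5 or parts[1] != "reply" or parts[3] != "is-at":
        return None
    return parts[0], parts[2], parts[4].lower()

def detect_arp_spoofing(log_text):
    """Scan ARP replies and return a list of alert strings.

    Two conditions raise an alert:
    1. an IP that was previously bound to a different MAC (binding change)
    2. a MAC that now answers for two or more IPs (one host claiming to be many)
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_arp_line(line)
        if parsed is None:
            continue
        ts, ip, mac = parsed
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts} {ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"{ts} {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print("ALERT:", alert)
```

A binding change can also be legitimate (a DHCP lease moving to a new device), so in practice the gateway's binding is pinned and other changes are correlated with DHCP logs before paging anyone.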

Don’t forget to monitor devices connected to the network (e.g., employee laptops or phones).

Look for unusual behaviour like:

  • Sudden spikes in data usage.
  • Unexpected connections to unknown IP addresses.

Note: If a transaction or connection suddenly takes longer than usual, it could be a sign that a hacker has gotten in. 

Educate Your Employees

Human error is behind a huge number of data breaches. So, unfortunately, when it comes to cybersecurity, your employees are unintentionally one of your weakest links. 

Help your team spot common tactics used in AitM attacks, such as:

  • Phishing scams designed to steal login credentials or sensitive data.
  • Fake Wi-Fi networks set up to capture private information.

If there’s one lesson to take away from this guide, it’s this: never access sensitive systems over unsecured public Wi-Fi. Repeat it to yourself, and remind your team. 

It’s a simple rule that can prevent major security risks.

To make training effective:

  • Keep it engaging and interactive with simulations and quizzes.
  • Give employees hands-on practice in identifying suspicious activity, like spotting fake networks or phishing emails.
  • Schedule training regularly to keep security top of mind.

Enforce Multi-Factor Authentication (MFA)

MFA is one of the easiest and most reliable ways to secure your accounts.

What is MFA?

MFA requires users to verify their identity using two or more methods, such as:

  • Something you know: A password.
  • Something you have: A physical token, security key, or authentication app (like Google Authenticator or Microsoft Authenticator).
  • Something you are: Biometrics, such as a fingerprint or facial recognition.

Why MFA Works:

Even if a hacker steals a password, they still can’t access the account without the additional verification step.

So, make MFA mandatory across all critical systems and provide employees with clear instructions on how to set up MFA tools.

Disable Automatic Connections

Devices that connect to networks automatically are at risk of joining malicious ones without the user realising it.

Leaders should: 

  • Guide employees on how to disable automatic Wi-Fi connections in their device settings. (This is usually found under “Wi-Fi” or “Network Settings.”)
  • Encourage them to manually select and verify networks before connecting, especially in public spaces.

At the end of the day: Cybersecurity isn’t just about technology. 

It’s about creating a culture of awareness, preparation, and smart habits that keep you and your business safe.

You have the power to build a robust security strategy that lets you work confidently, even in public spaces.

Be vigilant, stay safe, and protect what matters most.

Looking for some guidance? 

At Cyber Alchemy, we specialise in crafting tailored cybersecurity strategies that fit your business. 

From assessing vulnerabilities to designing robust defences, we help you build a proactive security framework that supports your goals. 

Contact us today to get started!
