A Man-in-the-Middle (MITM) attack is a cyber attack in which a cybercriminal intercepts data sent between two businesses or people. The purpose of the interception is to steal, eavesdrop on or modify the data for some malicious purpose, such as extorting money.
MITM attacks depend on the manipulation of existing networks or the creation of malicious networks the cybercriminal controls. The cybercriminal intercepts traffic and either lets it pass through, collecting information as it goes, or reroutes it somewhere else.
Cybercriminals essentially act as “middlemen” between the person sending information and the one receiving it, hence the name "man-in-the-middle attack." These attacks are surprisingly common, especially on public WiFi. Public WiFi is often unsecured, so you can't know who is monitoring or intercepting web traffic since anyone can sign on.
There are several kinds of MITM attacks, making them one of the most versatile cyber threats around today.
Public Wi-Fi
One of the most common MITM attack methods is over public WiFi. Public WiFi is often unsecured, so cybercriminals can see web traffic from any of the network’s connected devices and lift information as needed.
Rogue Access Point
A rogue access point is a wireless access point that’s been installed on a legitimate network. This allows the cybercriminal to intercept or monitor incoming traffic, often rerouting it to a different network entirely to encourage malware downloads or extort the user. Malware is a type of malicious software installed onto a victim’s device that is used to spy and steal data.
IP Spoofing
IP spoofing involves modifying an IP address to reroute traffic to an attacker’s website. The attacker “spoofs” the address by altering packet headers to disguise themselves as a legitimate application or website.
ARP Spoofing
This attack links the attacker’s MAC address with the victim’s IP address on a local area network using fake ARP messages. Any data sent to the local area network by the victim is instead rerouted to the cybercriminal’s MAC address, allowing the cybercriminal to intercept and manipulate the data at will.
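As a defensive illustration of the IP-to-MAC binding described above, the following added example (not part of the original page) compares two snapshots of a Linux neighbor table and flags an IP whose MAC address changed, or a MAC address claiming several IPs. The `ip neigh` text format, the function names and all addresses are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Matches one line of Linux `ip neigh` output, e.g.
# "192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+dev\s+\S+\s+lladdr\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\b"
)

def parse_neigh(text):
    """Return {ip: mac}; rows without an lladdr (FAILED/INCOMPLETE) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table

def find_arp_anomalies(baseline, current):
    """Compare two {ip: mac} tables and return a sorted list of findings."""
    findings = []
    # 1. An IP now resolves to a different MAC than in the trusted baseline.
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old and old != mac:
            findings.append(("mac_changed", ip, f"{old} -> {mac}"))
    # 2. One MAC claims several IPs in the current table.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("mac_shared", mac, ",".join(sorted(ips))))
    return sorted(findings)

# Constructed sample data: a clean baseline, then a table in which the
# gateway 192.168.1.1 resolves to the MAC of host 192.168.1.50.
BASELINE = """\
192.168.1.1 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:50 STALE
192.168.1.77 dev eth0  FAILED
"""
CURRENT = """\
192.168.1.1 dev eth0 lladdr AA:BB:CC:DD:EE:50 REACHABLE
192.168.1.50 dev eth0 lladdr aa:bb:cc:dd:ee:50 REACHABLE
"""

if __name__ == "__main__":
    for finding in find_arp_anomalies(parse_neigh(BASELINE), parse_neigh(CURRENT)):
        print(finding)
```

A shared MAC is not always malicious (a router or a host with several addresses produces the same pattern), so findings are leads to verify against known hardware rather than verdicts.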
DNS Spoofing
The cybercriminal enters a website’s DNS server and modifies a website’s web address record. The altered DNS record reroutes incoming traffic to the cybercriminal’s website instead.
HTTPS Spoofing
When a user connects to a secure site with the https:// prefix, the cybercriminal sends a fake security certificate to the browser. This “spoofs” the browser into thinking the connection is secure, when in fact, the cybercriminal is intercepting and possibly rerouting data.
Session Hijacking
Cybercriminals use session hijacking to take control of a web or application session. Hijacking expels the legitimate user from the session, effectively locking the cybercriminal into the app or website account until they’ve gained the information they want.
Packet Injection
The cybercriminal creates packets that seem normal and injects them into an established network to access and monitor traffic or initiate DDoS attacks. A Distributed Denial-of-Service (DDoS) attack is an attempt to disrupt the normal traffic of a server by overwhelming it with a flood of internet traffic.
SSL Stripping
The cybercriminal intercepts the TLS signal from an application or a website and modifies it so the site loads on an unsecured connection as HTTP instead of HTTPS. This makes the user’s session viewable by the cybercriminal and exposes sensitive information.
SSL Spoofing
This method involves “spoofing” a secure site address so the victim navigates there. Cybercriminals hijack communication between the victim and the web server of the site they want to access, disguising a malicious site as the legitimate site’s URL.
SSL BEAST
The cybercriminal infects a user’s computer with malicious JavaScript. The malware then intercepts website cookies and authentication tokens for decryption, exposing the victim’s entire session to the cybercriminal.
SSL Stealing Browser Cookies
Cookies are useful bits of website information that the sites you visit store on your devices. These are useful for remembering web activity and logins, but cybercriminals can steal them to gain that information and use them for malicious purposes.
Sniffing
Sniffing attacks monitor traffic to steal information. Sniffing is performed with an application or hardware and exposes the victim’s web traffic to the cybercriminal.
Detecting a MITM attack can help a business or individual mitigate the potential damage a cybercriminal can cause. Here are some methods of detection:
Preventing man-in-the-middle attacks can save individuals and businesses thousands in damages and keep their web and public identities intact. Here are some essential tools to help prevent MITM attacks:
Password Manager
Virtual Private Network