Man-in-the-Middle: All You Need To Know

Helga Smith

A Man-in-the-Middle (MitM) attack is a type of cyber attack in which threat actors insert themselves into a communication channel and can interfere with it. Neither participating party knows that a third party is in the channel.

This type of threat is sometimes also called man-in-the-browser (threat actors infect the victim’s browser with a malicious proxy), monkey-in-the-middle, machine-in-the-middle or monster-in-the-middle. The attack usually begins with malware sent to victims via phishing emails.

With this type of attack threat actors aim to steal various kinds of information, such as credit card numbers, account details and login credentials. The attack takes place in real time.

How Does MitM Attack Work?

The most popular targets of MitM attacks are online e-commerce and banking sites, where secured authentication with a private or public key is required.

These sites are popular targets because they allow threat actors to easily get hold of the victim’s login credentials and other confidential information.

In the course of a MitM attack threat actors place themselves in the middle of an online communication. The attack is usually carried out in two steps: data interception and decryption.

[Figure: Visualization of how MitM works]

In the first step, threat actors intercept data that is transferred between a client and a server. Both are tricked into believing that they have a secure and genuine connection while the threat actors act as a proxy in the communication.

This step allows them to read the traffic and inject false information into the compromised channel. More precisely, the interception step works like this:

  • Threat actors install packet sniffers to catch traffic where the network might be unsecured. For example, users may be accessing Hypertext Transfer Protocol (HTTP)-based websites or using a non-secure public hotspot;
  • The user logs in to the detected unsecured website, threat actors get hold of the victim’s information, and they then redirect the user to a fake website;
  • The fake website is disguised as the original one and collects all the shared data, which threat actors later use to access all the victim’s resources on the original site.

In the decryption phase threat actors decrypt the intercepted data. They decipher the stolen data and make use of it: for example, they can conduct identity theft or attack business operations.

What Are The Main Types Of Man-in-the-Middle Attacks

To get access to a victim’s device and sensitive information, threat actors carry out a MitM attack in one of the following ways:

  • Cache Poisoning. Specialists also call it Address Resolution Protocol (ARP) cache poisoning. This is one of the most popular modern-day MitM attacks; it allows threat actors residing on the same subnet as the victim to eavesdrop on all traffic flowing in both directions;
  • Session Hijacking. It is also called the stolen browser cookies MitM attack. Threat actors attack browsers, stealing valuable information stored in browser session cookies. With this kind of attack threat actors gain access to an immense source of valuable information;
  • Wi-Fi Eavesdropping. This kind of MitM attack threatens those who use public Wi-Fi networks. Threat actors create Wi-Fi hotspots with names resembling local shops, restaurants, cafés, etc. Users unknowingly connect to the malicious hotspot, and that is how threat actors gain access to the victim’s online sessions;
  • Email Hijacking. Here threat actors gain control over a victim’s email account related to a bank or similar financial institution in order to view all the transactions done. Sometimes threat actors spoof a bank’s email address to send its customers fake notifications, luring them into transferring money to the threat actors;
  • Secure Sockets Layer Hijacking. The connection between a web server and a browser is established via the SSL protocol. Threat actors compromise this connection with the help of another computer and another secure server, and intercept all the information transmitted between the compromised server and the victim’s computer;
  • HTTP Spoofing. HTTPS means a secured and safe internet connection, while plain HTTP lacks that needed level of website security. In an HTTP spoofing attack threat actors redirect the victim’s browsing session to an unsecured HTTP connection without the user suspecting it. In this stealthy way threat actors can view all the victim’s interactions and get hold of any shared information;
  • Domain Name System Spoofing. In DNS spoofing, threat actors alter the answers to domain name lookups and reroute users to fake websites. Instead of landing on the legitimate website, users end up on a website operated by threat actors. The main aim of this attack is to redirect traffic to the threat actor’s website or to steal login credentials;
  • Internet Protocol Spoofing. Here threat actors change the source IP address of a device, email or website to make victims believe they are dealing with a genuine resource, when instead they are giving up all their important information to criminals.
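The ARP cache poisoning item above is the one a network defender can catch passively: a poisoned subnet shows up as IP-to-MAC bindings flipping mid-session, or as one MAC answering for the gateway and other hosts at once. The following detector is an added example, not code from the article; it feeds constructed tcpdump-style ARP reply lines (the gateway address and MACs are made up) through a monitor that raises exactly those alerts.

```python
from collections import defaultdict
from dataclasses import dataclass, field

GATEWAY_IP = "192.168.1.1"  # constructed: the subnet's default gateway


@dataclass
class ArpMonitor:
    gateway_ip: str
    bindings: dict = field(default_factory=dict)                     # ip -> mac
    claims: dict = field(default_factory=lambda: defaultdict(set))  # mac -> {ip}
    alerts: list = field(default_factory=list)

    def observe(self, ip: str, mac: str) -> list:
        """Record one reply 'ip is-at mac' and return the alerts it raised."""
        new, mac = [], mac.lower()
        prev = self.bindings.get(ip)
        if prev is not None and prev != mac:      # binding flipped mid-session
            sev = "HIGH" if ip == self.gateway_ip else "MEDIUM"
            new.append(f"{sev}: {ip} changed from {prev} to {mac}")
        self.bindings[ip] = mac
        self.claims[mac].add(ip)
        # One NIC posing as the gateway and other hosts is the classic poisoning shape.
        if self.gateway_ip in self.claims[mac] and len(self.claims[mac]) > 1:
            new.append(f"HIGH: {mac} answers for gateway and {len(self.claims[mac]) - 1} other host(s)")
        self.alerts.extend(new)
        return new


def parse_arp_line(line: str):
    """Extract (ip, mac) from a tcpdump-style 'Reply <ip> is-at <mac>,' line."""
    parts = line.split()
    if "is-at" not in parts:
        return None                               # ARP requests and other traffic
    i = parts.index("is-at")
    return parts[i - 1], parts[i + 1].rstrip(",")


# Constructed sample: a second NIC (...:ee) takes over the gateway IP, then a host.
SAMPLE_LOG = """\
12:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:02.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28
12:00:02.500 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
12:00:03.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:ee, length 28
12:00:04.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:ee, length 28
"""


def scan(log: str, gateway_ip: str = GATEWAY_IP) -> list:
    """Run every ARP reply in the log through the monitor and return all alerts."""
    mon = ArpMonitor(gateway_ip)
    for line in log.splitlines():
        parsed = parse_arp_line(line)
        if parsed is not None:
            mon.observe(*parsed)
    return mon.alerts
```

A real deployment would feed the monitor from a live capture and tag the alerts with the switch port the offending MAC was learned on.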

How To Prevent Man-in-the-Middle Attacks

As with any cyber threat, the best solution is effective mitigation. A few steps can be followed to ensure defense against this threat:

  • Using a VPN. A virtual private network tool encrypts your connection and the data you transmit online, so even if threat actors manage to get hold of your channel they won’t be able to decipher it. Your valuable information, like passwords or credit card details, is protected by the VPN’s encryption. Not only individuals should use the tool; organizations also need to make sure their employees access the company’s workspace over a secure connection, especially those who work remotely;
  • Being cautious about phishing emails. Email is one of the major mediums threat actors use to lure victims and start the attack. Be cautious when receiving any email claiming to be from your bank and asking you to update your login. Don’t click on links in such emails, as they might redirect you to a malicious website or trick you into installing malware. Think twice before opening or clicking correspondence that comes from unknown or unverified sources;
  • Using a secure connection. When surfing the internet, look for websites with an HTTPS connection and a padlock in the address bar. They indicate that the connection is secured, so your valuable and important information won’t be stolen. Also try not to use public Wi-Fi networks, as they often don’t offer complete security and are easily compromised. In organizations, multi-factor authentication should be put in place across the board to ensure an additional layer of online security;
  • Educating users. Most cyber attacks occur because of human error. Employees should be taught how to recognize malicious emails, what the best security practices are, and why it’s not advisable to use public Wi-Fi networks;
  • Implementing endpoint security. It’s no less important to have anti-malware and internet security products on board, because MitM attacks also execute malware. You can prevent the spread of malware by having effective tools present on your system.
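The padlock advice above is only as good as the client’s certificate checks, and the HTTP spoofing attack described earlier works by steering a session onto plain HTTP. The following Python is an added example, not the article’s own code: it builds the weak TLS client configuration next to a hardened one, audits both using only the standard library (no network access needed), and refuses an HTTPS-to-HTTP redirect; the URLs used to exercise it are constructed.

```python
import ssl


def weak_client_context() -> ssl.SSLContext:
    """The 'make the certificate error go away' configuration: any certificate
    is accepted, so a server an attacker interposes is trusted like the real one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Chain validation against the system trust store, host name matching, TLS 1.2+."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Findings a reviewer would flag on a client context; an empty list is acceptable."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions are allowed")
    return findings


def safe_redirect(current_url: str, target_url: str) -> bool:
    """False when following the redirect would downgrade an https:// session to http://."""
    downgrade = (current_url.lower().startswith("https://")
                 and target_url.lower().startswith("http://"))
    return not downgrade
```

Wire `hardened_client_context()` into whatever HTTP client the application uses and treat any non-empty `audit_context()` result as a build failure.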

