Man-In-The-Middle (MitM) Cyber Attacks - What Are They & How to Protect Against

Man-In-The-Middle Attacks

Ransomware and phishing are common terms we hear in a typical cybersecurity conversation; they are attacks that we have all heard of or unfortunately have experienced. A lesser known but equally daunting cyber attack is called man-in-the-middle or MitM attacks.

What Are They

A man-in-the-middle attack occurs when a malicious actor interferes between two legitimate people in an online conversation. This can be as involved as changing the content of the exchanges between the legitimate users or merely eaves dropping on these unsuspecting communicators. While this makes the name of the attack obvious, the MitM attack's purpose is not quite as straight forward. Hackers can use these attacks to steal personally identifiable information (PII) such as login data, home addresses, and financial information, as well as the purpose of ruining the legitimate communications between real people for some malicious purpose. This could be to steer the conversation in a direction that gives the hacker access to some sort of gain, be it financial, informational, or other. It could also be to disrupt the conversation that the legitimate users were trying to have; this could be because the hacker disagrees with the agreement taking place or to cause frustration for enemies of the attacker. Whatever the reason, these attacks are intentional and for some specific reason.

These attacks come in two forms: location-based and malware-based. Location based involves physical proximity to the hacker's target -- this would be something that is carried out via WiFi or Bluetooth. The second form, malware-based, is like a more typical type of cyber attack. Malicious software is used to infiltrate one of the legitimate users' devices or the site being used for the communications itself and the hacker sets out to fulfil their intended malicious plan. Malware-based MitM attacks are more common.

Not only are there two forms of this type of attack, but cybercriminals also typically execute MitM attacks in two stages. The first of these stages is interception which happens when the attacker uninvitedly joins the conversation without the knowledge of the other two participants and takes information from them. This is just part one of the malicious plan, the second stage is what makes the data actually useable by the hacker. The attacker decrypts the stolen information from the unsuspecting people and the hacker then uses this information for whatever purpose they stole the information for in the first place.

As you can see, this is a creepy, spy-like attack that is invasive and can result in crucial private information being made vulnerable to attackers. This is why it is important to take steps to prevent this attack from impacting you.

How To Protect Against

• Do not use public WiFi when possible -- Both location- and malware-based MitM attacks are more likely to impact you if you are utilizing weak Internet connections. Public WiFi is notorious for being weak as the password is usually posted around the building and everyone in the location is using it, despite being strangers. If possible, try to work offline when in public, or use a password-protected hotspot off of your own phone.
• Use strong passwords -- In the unfortunate case that you have to use public WiFi or do not have a strong and safe connection, the use of a strong password will help to prevent the attacker from using the connection they get through interfering with your legitimate conversation to gain access to your other accounts. This is also just a good cybersecurity practice, regardless of the attack.
• Do not discuss private information on unsecure networks or sites -- While it is not always possible to have sensitive conversations in person, it is best to avoid having these discussions online when possible so that if an attack such as this happened to you, this information is not available for the malicious actor to steal.
• Apply the approach of multi-factor authentication to your conversations -- If something seems fishy with your conversations between people you have spoken to in the past, use the approach of multi-factor authentication with your conversations. One of the purposes of a malicious actor using an MitM attack is to disrupt and change the conversation between the two legitimate communicators. If this seems like it is happening, call your friend or coworker or contact them by another means that you know to be legitimate. This will help to validate that what you are saying is what they are seeing and vice versa.

Image by Harryarts for Freepik.