Sage Advice - Cybersecurity Blog

Cyberattacks 101: Man-In-The-Middle


Cyberattacks are on the rise. Cybercriminals continue to expand and improve new attack methods every day. In fact, many of these new or updated attacks are working because they can often get through traditional defenses undetected. With proper knowledge, awareness, and cautious browsing, you can help your organization defend against attacks.

We’ll cover the basics of man-in-the-middle attacks below.

What are Man-in-the-Middle attacks and how do they happen?

Man-in-the-Middle (MITM) attacks happen when communications between two parties are intercepted by an attacker. These attacks allow the attacker to insert themselves into, and eavesdrop on, the communication or data transfer between the two targets, and to alter the traffic passing between them. In these attacks, the ‘targets’ are usually a human and a service. The attacker can act passively in the conversation at hand, or go so far as to steal credentials, alter emails and other messages, or impersonate the person you believe you are communicating with.

Most MITM attacks follow a similar course:

  1. The attacker quietly listens in on your communication – with another person or with an internet-connected wireless service – in the background
  2. You then send an email, enter information into a form, or log in to an account
  3. The attacker intercepts the information
  4. The attacker uses the information gained for nefarious purposes

In a MITM attack, the middle participant – the attacker – will manipulate the data or conversation between the two legitimate parties without them knowing, which could cause significant damage to both parties involved.

What are the potential impacts of MITM attacks?

  • Credentials could get stolen. In an MITM attack, hackers can steal usernames and passwords to gain access to potentially confidential and valuable personal information. How does it work? The person thinks they are entering their credentials in a safe website form or application. But that information is instead intercepted by the attacker.
  • The hacker could redirect a money transfer for their financial gain. Once the hacker has stolen credentials, they could use them to place orders, transfer money, or move funds around. In this case, the attacker in the middle of the transaction could send the money to themselves instead of to the intended destination.

What are the key attributes of an MITM attack?

There are two specific elements that make up a man-in-the-middle attack: interception and encryption.

During the interception stage, the attacker needs to find a way to steal the data or access the data that is being sent between the two parties – the victim (user) and the supposedly trusted source. A common way that hackers can do this is to compromise the WiFi in an area. However, there are other technical ways it can be done, such as IP address spoofing, DNS spoofing, ARP spoofing, and more.

Once the attacker has gained access to the data they want (the interception element), they next need to decrypt it (the encryption element): the hacker converts the stolen data into a format they can use. To do this, hackers use techniques such as HTTPS spoofing, SSL stripping, and data hijacking.
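ARP spoofing, one of the interception methods named above, leaves a trace a defender can watch for: the gateway's IP suddenly answers from a different MAC, or one MAC starts answering for several IPs. The detector below is an added example, not code from the original post; the gateway address and the ARP observations are constructed for illustration.

```python
# Added example (not from the original post): a minimal ARP-spoofing detector
# that replays constructed ARP-reply observations and flags the two classic
# symptoms, a gateway MAC that changes and one MAC answering for many IPs.
from collections import defaultdict

GATEWAY_IP = "192.168.1.1"  # assumed LAN gateway for this constructed example

# Constructed observations: (seconds, sender IP, sender MAC) taken from ARP replies.
OBSERVATIONS = [
    (0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (1, "192.168.1.20", "bb:bb:bb:bb:bb:20"),
    (2, "192.168.1.21", "bb:bb:bb:bb:bb:21"),
    (30, "192.168.1.1", "cc:cc:cc:cc:cc:99"),   # gateway now claimed by a new MAC
    (31, "192.168.1.20", "cc:cc:cc:cc:cc:99"),  # same MAC also claims a host
]


def detect_arp_spoofing(observations, gateway_ip, max_ips_per_mac=1):
    """Return a list of alert strings; an empty list means nothing suspicious."""
    alerts = []
    ip_to_mac = {}                 # last MAC seen answering for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has answered for
    for ts, ip, mac in observations:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous and previous != mac:
            # A changed gateway mapping is the textbook MITM symptom, so rank it higher.
            level = "CRITICAL" if ip == gateway_ip else "WARNING"
            alerts.append(f"{level} t={ts}s: {ip} moved from {previous} to {mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append(f"WARNING t={ts}s: {mac} now claims {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(OBSERVATIONS, GATEWAY_IP):
        print(line)
```

A legitimate DHCP reassignment or a router that owns several addresses raises the same alerts, so baseline the network's normal IP-to-MAC mappings before treating a hit as an attack.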

How can we defend against an MITM attack?

The first step to lessen your chances of being compromised by an MITM attack is to avoid public WiFi. Attackers can use fake or compromised WiFi networks to perpetrate an MITM attack, so it’s best to stay on your own private WiFi network. Although connecting to the WiFi at a coffee shop or airport might be convenient, it’s definitely risky.

MITM attacks can also be conducted on any insecure WiFi router. Always make sure to secure your home network, too! And try to avoid connecting to other networks outside of your home – even if you’re at a friend’s house whose WiFi doesn’t have a password.

If you need to connect to a public or outside network, make sure you’re using a VPN. It will help create a secure way to connect to the internet without sharing everything with a man-in-the-middle attacker.

Always be sure that you are not connecting to websites without the “HTTPS.” The S stands for “secure,” so you should avoid going to websites that only have HTTP in the URL.
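Sticking to HTTPS only works if the site itself refuses to be downgraded: SSL stripping keeps the victim on plain HTTP, and the two server-side defenses against that are an immediate redirect to HTTPS and an HSTS header. The check below is an added example, not code from the original post; the hostname and the response headers are constructed, and the one-year max-age threshold is an assumption of the example.

```python
# Added example (not from the original post): a defender-side check of the two
# server settings that blunt SSL stripping, an HTTP->HTTPS redirect and an HSTS
# header, run over constructed response headers for one hostname.
from urllib.parse import urlparse

ONE_YEAR = 365 * 24 * 3600  # minimum HSTS max-age this example treats as adequate

# Constructed responses as (status, headers); "example.com" is a placeholder host.
WEAK_HTTP = (200, {"Content-Type": "text/html"})          # serves pages over plain HTTP
WEAK_HTTPS = (200, {"Content-Type": "text/html"})         # no HSTS at all
GOOD_HTTP = (301, {"Location": "https://example.com/"})   # bounces straight to HTTPS
GOOD_HTTPS = (200, {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"})


def parse_hsts(value):
    """Return (max_age, include_subdomains) parsed from an HSTS header value."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.strip('"').isdigit():
            max_age = int(arg.strip('"'))
        elif name.lower() == "includesubdomains":
            include_sub = True
    return max_age, include_sub


def check_ssl_strip_defenses(host, http_resp, https_resp):
    """Return a list of findings; an empty list means both defenses are in place."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    target = urlparse(headers.get("location", ""))
    # The plain-HTTP endpoint must redirect, and only to HTTPS on the same host.
    if not 300 <= status < 400 or target.scheme != "https" or target.hostname != host:
        findings.append("plain-HTTP request is not redirected to HTTPS on the same host")
    _, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HTTPS response has no Strict-Transport-Security header")
    else:
        max_age, include_sub = parse_hsts(hsts)
        if max_age is None or max_age < ONE_YEAR:
            findings.append(f"HSTS max-age too short: {max_age}")
        if not include_sub:
            findings.append("HSTS lacks includeSubDomains")
    return findings
```

HSTS only protects a browser after its first successful HTTPS visit, so the very first connection remains strippable unless the domain is on the browsers' preload list.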

Finally, make sure that you're using strong, unique passwords and have multifactor authentication (MFA) enabled for any account that will allow it. You should also have an antivirus tool installed on your devices and stay up to date with the latest patches for all of your software.

By taking these preventative measures, you will help mitigate the risk of falling victim to a man-in-the-middle attack and any devastation that would occur from it.

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.


There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that complement and reinforce one another.
