Cybersecurity Exploits

In this section

Related articles

OWASP Top 10 VulnerabilitiesSecurity Vulnerability: types and remediationMalicious Code ExplainedVulnerability vs Weakness: Understanding Key Differences in AppSecOWASP API Security Top 10 RisksWhat is CVE? Keeping Track of Vulnerabilities with CVE Vulnerability DatabaseWhat Are Security Misconfigurations and How Can You Prevent Them?Securing Front-end Attack SurfacesSour Mint - The case of malicious advertisement SDK affecting thousands of mobile apps

Man-in-the-Middle (MITM) Attack

Want to try it for yourself?

Start free

Man-in-the-Middle (MITM) Attack

0 mins read

Web application security is a major concern for every business regardless of size or industry. One method utilized by hackers is to intrude on what is assumed to be private digital communication between individuals is the man-in-the-middle attack (MITM).

Like the party line phones of days gone by, a MITM attack puts an unauthorized intruder between two parties, listening in to an exchange of subject matter that may contain private discussions, email addresses, bank accounts, or other sensitive information.

What is a Man-in-the-Middle Attack?

Man-in-the-middle attacks take place where the perpetrator intercepts communication between two parties, often even altering the exchange of their information. The intent is to appear as though the responses are among the two participants while the messages are actually being generated by the attacker.

MITM attacks are essentially electronic eavesdropping between individuals or systems. Of course, a successful man-in-the-middle attack can only be completed if the attacker is effectively responding to both the sender and receiver such that they are convinced the information exchanged is legitimate and secure.

Even in cases where the parties eventually catch on that the responses do not appear relevant or sensible for the other party and discontinue the exchange, it could be too late if confidential information such as bank accounts or passwords were provided.

Man in the Middle Attack Example

There are various types of MITM attacks, used with different intent:

Personal MITM Attack

A malicious hacker sitting in a coffee shop and using public WiFi intercepts an exchange between two parties starting a financial transaction such as a balance transfer. By entering the conversation between these participants, the perpetrator intercepts the request for an account number and receives the response.

The perpetrator then sends their account to the requestor and asks the source party for the password. By exchanging their information, or false values, they can receive the actual information from the parties and make balance transfers to their account.

Phony Access Point Attack

With the popularity of WiFi networks, unscrupulous MITM hackers are known to set up “rogue” access points near reputable stores or restaurants that offer public WiFi.

When unsuspecting users search for available WiFi sites, they see the rogue site with a similar (but phony) name and log onto that network, which is the hacker’s access point or mobile hotspot. He can then intercept all activity taking place during that session.

Business MITM attack

Through intercepting an exchange between a computer session and server, the man in the middle attack can observe and steal account and password information easily, using those values for penetrating business applications or logins to financial institutions.

Transactions that are susceptible to MITM attacks include:

  • Private person-to-person communications that individuals assume are secure

  • Login and authentication to financial institutions

  • Gaining access to login activity to other profitable websites such as e-commerce stores

Man in the middle attackers utilize a variety of approaches in connecting to victims for their unscrupulous efforts:

  • IP spoofing to fool users into thinking they’re interacting with a different person or website

  • HTTPS spoofing that makes users think they’re on a secure site – but they’re really connected to an imposter site

  • SSL hijacking where the thief intercepts activity to the secure server and reroutes it to their computer

  • Stealing browser cookies to capture secure information stored there

While there are additional methods, creative hackers are constantly seeking new ways to exploit websites and computer vulnerabilities.

How to Prevent Man in the Middle Attacks?

MITM attacks can be prevented by utilizing software tools and taking the proper precautions.

  • Never utilize public WiFi for website use that is intended to be secure

  • Utilize a secure VPN to eliminate MITM exposure to ensure that all information is encrypted and cannot be viewed

  • For home WiFi, never retain the default login/password values provided by the vendor as hackers know all the defaults for leading router manufacturers, and will try those values first when attempting to hack your home network

  • Never click links or open attachments in unexpected or suspicious emails.

  • Scrutinize emails that appear to be from financial institutions you already do business with

  • For businesses, implement multi-factor authentication to make MITM attacks extremely difficult and success unlikely

How to Detect Man in the Middle Attacks?

In many cases, MITM attacks can be detected through awareness:

  • Secure sites will always include the HTTPS designation (an exception would be if the MITM attacker has spoofed that address).

  • When connecting via WiFi, pay close attention to the network name and ensure it makes sense for your location

  • Click on the address bar lock symbol to identify the security certificate that’s in use and that the name and network make sense

How Common are Man in the Middle Attacks?

MITM attacks are not as common as the more prevalent phishing or ransomware attacks, but estimates indicate that as much as 35% of attacks in 2019 were related to attempts at exploitation through MITM attacks.

That's it for this collection!

View more Learn articles
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon