A man-in-the-middle attack (MITM attack) is a general cybersecurity term used to describe all cyberattacks that allow cybercriminals to eavesdrop on private communication between two or more endpoints and potentially modify the content of this communication.

Note: Man-in-the-middle attacks are not specific to web application security and are considered to be a network security issue. However, they strongly influence the security of web servers and web apps. There are also types of MITM attacks that are specific to the web only.

MITM attacks can be generally subdivided into two categories:

Passive man-in-the-middle attacks
In a passive MITM attack, the attacker does not modify the existing communication channel in any way. They are simply able to gain access to communication from the outside. This is possible, for example, with communication protocols where the sender does not establish a dedicated connection with the recipient but rather broadcasts the message and expects the recipient to recognize that the broadcast is directed to them.

Active man-in-the-middle attacks
In an active MITM attack, the attacker intercepts communications and assumes the identity of both the recipient and the sender. They trick the sender into believing that they are the correct recipient, and the recipient into believing they are the original sender. In this type of attack, the attacker receives all communication destined for the recipient and relays it to the original recipient, potentially modifying the data along the way.

Types of man-in-the-middle attacks
Since the term MITM attack can be used to describe any attack with a third party involved in communication, there could potentially be tens or even hundreds of different specific cases of such attacks. However, there are several techniques that black-hat hackers most commonly use for such attacks. Each of the following techniques is described in detail in a separate section of Invicti Learn:
Common MITM attack scenarios
There are several situations that carry an elevated risk of MITM attacks. Here are some typical scenarios:
Potential consequences of a MITM attack
A successful MITM attack is the holy grail for a cybercriminal. If a malicious actor is able to take an active part in communications, they are not only able to access all sensitive data transmitted between the affected parties but, more importantly, able to send fake data to both parties, too. For example, if an attacker is able to eavesdrop on and modify communication that involves sending files, they are able to send ransomware or other malware such as trojans to the affected parties to escalate their attack further.

There are many other reasons why cybercriminals may want to use MITM attacks, such as identity theft, session hijacking, or even exerting political influence or gaining a competitive advantage in e-commerce situations. The scope of potential damage depends on the type of communication that is intercepted.

Examples of famous MITM attacks
Man-in-the-middle attacks were known long before the advent of computers. In the world of computing, some of the most famous cases linked to MITM attacks were the following:

How to detect MITM attacks and vulnerabilities?
Since man-in-the-middle attacks work in different ways, specific detection depends on the attack type. However, detecting a MITM attack in real time often means that the damage has already been done, and the only thing the victim can do is minimize the consequences and prevent escalation. To prevent this, you should focus on detecting vulnerabilities that enable MITM attacks.
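As an added example (not part of the original Invicti article), here is one such vulnerability check for the web-specific case: auditing whether a site sends a usable Strict-Transport-Security (HSTS) header, the control the article recommends later for preventing MITM. A missing, unparsable or zero max-age leaves browsers willing to talk plain HTTP to the site, which is exactly the gap an active web MITM exploits. The hostnames, response headers and the one-year threshold below are constructed assumptions for illustration.

```python
"""Audit Strict-Transport-Security (HSTS) headers in HTTP responses.

Added example, not code from the original article. The sample responses are
constructed for illustration; no network access is needed.
"""
from dataclasses import dataclass, field
from typing import Optional

# Assumed policy threshold: one year, the minimum commonly recommended
# (and required by browser preload lists).
MIN_MAX_AGE = 31536000


@dataclass
class HstsFinding:
    host: str
    present: bool
    max_age: Optional[int]
    include_subdomains: bool
    problems: list = field(default_factory=list)


def parse_hsts(value: str):
    """Parse an HSTS header value into (max_age, includeSubDomains, preload).

    Directive names are case-insensitive; max-age is None when absent or
    not an integer, which per RFC 6797 makes the whole header invalid.
    """
    max_age = None
    include_sub = False
    preload = False
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                max_age = None
        elif name == "includesubdomains":
            include_sub = True
        elif name == "preload":
            preload = True
    return max_age, include_sub, preload


def audit_response(host: str, headers: dict) -> HstsFinding:
    """Classify one response's HSTS posture; header names are case-insensitive."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return HstsFinding(host, False, None, False,
                           ["no Strict-Transport-Security header"])
    max_age, include_sub, _preload = parse_hsts(value)
    problems = []
    if max_age is None:
        problems.append("max-age missing or unparsable; browsers ignore the header")
    elif max_age == 0:
        problems.append("max-age=0 clears any stored HSTS policy")
    elif max_age < MIN_MAX_AGE:
        problems.append(f"max-age {max_age} is below {MIN_MAX_AGE} (one year)")
    if not include_sub:
        problems.append("includeSubDomains not set; subdomains are not covered")
    return HstsFinding(host, True, max_age, include_sub, problems)


# Constructed sample responses: one without HSTS, one with a short max-age,
# one with a strong policy.
SAMPLES = {
    "weak.example": {"Content-Type": "text/html"},
    "short.example": {"Strict-Transport-Security": "max-age=300"},
    "good.example": {
        "strict-transport-security": "max-age=63072000; includeSubDomains; preload"
    },
}


def audit_all(samples=None) -> dict:
    """Return {host: HstsFinding} for every sample response."""
    samples = SAMPLES if samples is None else samples
    return {host: audit_response(host, hdrs) for host, hdrs in samples.items()}


if __name__ == "__main__":
    for host, finding in audit_all().items():
        print(f"{host}: {'OK' if not finding.problems else 'WEAK'}")
        for problem in finding.problems:
            print(f"  - {problem}")
```

In practice you would feed `audit_response` the headers captured from a real HTTPS response (for example from a scanner or a `requests` call) rather than the constructed samples; the parsing and the policy thresholds stay the same.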
How to prevent MITM attacks?
Prevention of MITM attacks is specific to the type of attack due to the variety of possible network layers, protocols, and techniques. However, you can follow three general rules to greatly reduce the risk of you or your company falling prey to a MITM attack:
Frequently asked questions
A man-in-the-middle attack (MITM attack) is a general cybersecurity term used to describe all cyberattacks that allow cybercriminals to eavesdrop on private communication between two or more endpoints and potentially modify the content of this communication. Read an article about MITM attacks.
Ways of preventing MITM attacks depend on the specific attack type. However, general recommendations are: do not trust public networks (use a VPN), enforce HSTS for your domains, and follow general cybersecurity hygiene rules. Learn more about HSTS as a method to help prevent MITM.

Written by: Tomasz Andrzej Nidecki, reviewed by: Benjamin Daniel Mussler