The Man-In-The-Middle (MITM) Cyberattack

The Man-In-The-Middle (MITM) cyberattack is easily understood from its name: a cyberattacker manages to insert themselves as an intermediary in the exchange of data, with consequential impact on data security and integrity.

Arun raj

1y ago

How Man-In-The-Middle Attacks Work – A Real-World Example

An employee is chatting with their boss through an unsecured Wi-Fi network.

The boss informs the employee to urgently transfer an amount to a specified bank account number.

A hacker intercepts this conversation and changes both the amount and the bank account number in the message that is received by the employee.

The employee performs the transaction and sends a message to the boss confirming that the amount has been transferred to the bank account number.

The hacker changes the amount and account number back to the original data before the confirmation message reaches the boss.

By using this MITM cyberattack, the hacker is able to steal funds from the organisation without arousing suspicion while the attack is in progress.

It should be noted here that MITM attacks need not be limited to digital interaction between humans. Communication from and to machines, and even between machines, may also be intercepted. For example, IoT devices may be compromised by MITM attacks to carry out industrial espionage or sabotage by modifying either the data they report or the instructions they receive.

Types Of Man-In-The-Middle Attacks

Common Man-In-The-Middle attacks include:

Malicious Wi-Fi

We have already discussed this in the real-world example above. Compromised Wi-Fi networks are a popular choice amongst cyberattackers because such attacks are relatively simple and easy to deploy. Having secured Wi-Fi within your organisation is not enough to protect your employees, as they may use Wi-Fi on their laptops outside the organisation, e.g., in a coffee shop – except that the Wi-Fi network they are using doesn’t belong to the coffee shop; it is a malicious hotspot created by an attacker who is also present in the coffee shop, posing as a customer. Enterprise cybersecurity solutions such as K7 Endpoint Security can control which Wi-Fi networks the laptop can connect to, but employees may also use their personal devices for communicating with colleagues, which may still expose the organisation to an MITM attack.

Adware/Malware

It may be hard to believe that an application bundled with computers by the OEM could be considered unsafe, but that is what happened with the Sailfish adware. Ostensibly a visual search tool, the bundled application acted as an MITM attack to inject ads into websites visited by the user. It also used the same encryption key for all computers that had the adware installed, which opened the doors to severe cyberattacks from threat actors. Any program that attempts to modify the content of web pages before they are viewed by the user can be considered an MITM attack, as it can be used for more alarming purposes than injecting ads. Malware that can step into digital communication channels poses the same threat and may enter a device through malicious attachments, infected USB drives, software or hardware vulnerabilities, and attack websites.

Man In The Browser

This variant of MITM specifically targets the victim’s browser, e.g., through a malicious browser extension. The extension allows the attacker to monitor and compromise all browser-based activity, which is a significant portion of an employee’s tasks, as many organisations now use internal websites or cloud-enabled solutions for commercial and administrative operations.

ARP Poisoning

Address Resolution Protocol (ARP) Poisoning (or ARP Cache Poisoning) modifies the IP address associated with the MAC address of a device. In layman’s terms, it means that a hacker can insert themselves between an endpoint and router (for example) and pretend to be the router to the endpoint and pretend to be the endpoint to the router. All data traffic that is meant to flow between endpoint and router will now pass through the hacker’s device.
