What is a MITM attack and how can you protect yourself against it?

MITM cyberattack: what is it? How does it work? How can you prevent it?

The most famous case of a MITM attack dates back to 2015, when Europol dismantled a group of 49 “cyber fraudsters”. Those hackers operated by intercepting communications between certain businesses and their clients across Europe, causing victims to unknowingly transfer money to illegitimate bank accounts. In 2021, a year marked by an increase in cyberattacks, special vigilance is needed regarding these “Man-in-the-Middle” attacks. How do they take place? How can you defend your company against them?

Léa Goichon
Marketing officer

What is a MITM cyberattack?

To protect yourself effectively from cyberattacks, you first need to be able to define them. “MITM attack” covers a wide variety of cyberattacks: it designates every situation in which a third party intercepts communications between two systems without their users being aware of it.

Definition of “Man-in-the-Middle” attacks

In its online cybersecurity glossary, the US National Institute of Standards and Technology (NIST) defines MITM as “an attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them”.

NIST further specifies that the parties targeted by an MITM attack are not aware of it, because the connection between the computer systems is maintained. The attacker replaces the stolen elements with others, or restores them once the theft is complete.

In any case, the hacker captures encrypted exchanges and deciphers them. They also pose as the legitimate interlocutor, so the victims think they are communicating with someone they trust when they are actually interacting, actively or passively, with the hacker.

Man-in-the-Middle attacks: a typology

The same agency further explains that the most well-known MITM attacks fall under what is called “ARP poisoning”, or “ARP spoofing”. The hacker abuses the Address Resolution Protocol (ARP) to attack a local network, often Ethernet or Wi-Fi, and then hijacks the flow of information between devices and their gateways, be they internet boxes or routers.

There are several types of MITM attacks:

  • ARP poisoning;
  • DNS poisoning. Reminder: the DNS (Domain Name System) translates website domain names into IP addresses;
  • Distributed denial of service (DDoS);
  • Mail squatting, during which the hacker intercepts messages using malware installed on the mail server. These attacks are sometimes carried out with “packet analyzer” software that reads data from local networks. The hacker then accesses encrypted emails and recovers the cryptographic keys;
  • Packet sniffing, which consists of accessing the victim's confidential data, for example by spying on their audio and video devices;
  • Packet injection: the hacker injects packets in the form of malware into their victim’s device so as to compromise their communication networks.
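The ARP poisoning described above leaves a trace on the victim's own LAN: the gateway's IP address is suddenly claimed by a second MAC address, or the binding flaps between two MACs. The following Python detector is an added illustration, not code from the original article or from C-Risk; the sample ARP replies and the trusted gateway binding are constructed assumptions.

```python
"""Flag ARP poisoning symptoms: one IP address (typically the gateway) claimed by more than one MAC."""
from typing import Dict, List, Optional, Tuple

# Constructed sample of ARP replies as a LAN monitor would record them: (time, sender IP, sender MAC).
SAMPLE_ARP_REPLIES: List[Tuple[float, str, str]] = [
    (1.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # gateway announces its real MAC
    (2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),   # ordinary workstation
    (3.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),
    (4.0, "192.168.1.1",  "DE:AD:BE:EF:00:99"),   # gateway IP suddenly claimed by another MAC
    (5.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (6.0, "192.168.1.1",  "aa:bb:cc:00:00:01"),   # real gateway answers again: the binding flaps
]

# Hypothetical static table of bindings the defender knows to be correct (e.g. the gateway).
TRUSTED_BINDINGS: Dict[str, str] = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def detect_arp_spoofing(replies: List[Tuple[float, str, str]],
                        trusted: Optional[Dict[str, str]] = None) -> List[dict]:
    """Return one alert per ARP reply that contradicts a trusted binding or changes a seen binding."""
    trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    last_seen: Dict[str, str] = {}          # most recent MAC observed for each IP
    alerts: List[dict] = []
    for ts, ip, mac in replies:
        mac = mac.lower()                   # normalise case so "DE:AD" and "de:ad" compare equal
        prev = last_seen.get(ip)
        if ip in trusted and mac != trusted[ip]:
            # Strongest signal: a known-good binding (the gateway) is being overridden.
            alerts.append({"time": ts, "ip": ip, "reason": "trusted_binding_violation",
                           "expected": trusted[ip], "seen": mac})
        elif prev is not None and prev != mac:
            # Weaker signal: the IP-to-MAC binding changed since we last saw it.
            alerts.append({"time": ts, "ip": ip, "reason": "binding_changed",
                           "expected": prev, "seen": mac})
        last_seen[ip] = mac
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES, TRUSTED_BINDINGS):
        print(f"t={alert['time']:.1f} {alert['ip']}: {alert['reason']} "
              f"(expected {alert['expected']}, saw {alert['seen']})")
```

On a real network the same logic can be fed from a passive capture or a periodic dump of the ARP cache; a static entry for the gateway removes the ambiguity of which MAC was first.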

Which companies are targeted by MITM attacks?

MITM attacks target all companies, SMEs as well as large groups. Cybercriminals may try to steal sensitive data in order to blackmail senior management, much as with ransomware. They can also try to steal funds, for example through identity theft.

This explains why Man-in-the-Middle attacks particularly target professional email, instant messaging, banking applications, business software, virtual data rooms and online meetings. Information exchanged around M&A transactions is also a prime target.

What are the consequences of a MITM attack?

MITM attacks target your communications in order to hack bank accounts, steal confidential data and hold it for ransom, or sell your data to the highest bidder. The motivation behind a MITM attack is most often financial.

Man-in-the-Middle attacks can also be part of unfair competition tactics or political sabotage. The goal might be to access a company's client data: a competitor is then in a position to spy on your content and find a flaw that could expose you publicly.

What is a MITM attack?

A Man-in-the-Middle (MITM) cyberattack means that a hacker intercepts communications between two people or two machines in order to exploit confidential data.

Are MITM attacks dangerous?

This type of cyberattack is used by hackers to gain access to sensitive information. It carries specific risks of identity theft, hijacking of computer sessions and email accounts, and theft of funds.

What is a MITM attack and how can you protect yourself against it?

MITM attacks include HTTPS spoofing, DNS spoofing, IP address spoofing, ARP poisoning, and SSL hacking.