Imagine if the next time you sent a birthday card to a friend, somebody else opened it first. In this scenario, the crook was looking for any cash you might have included in the card before forwarding it on to its rightful owner.
This is precisely the concept of a Man-in-the-Middle (MiTM) attack. First documented in 1995, MiTM attacks occur when a cybercriminal positions themselves between two communication endpoints and intercepts the information in transit.
Once an attacker has inserted themselves into a legitimate connection, say between a WiFi access point and a mobile device, they control what passes between the two ends.
In many cases, users are forwarded on to fake websites where their credentials are harvested and used to commit fraud.
How do hackers do it?
Although cybercriminals exploit flaws in many systems to commit MiTM attacks, there are three standard routes an attacker will usually take.
One of the most popular ways for hackers to execute a MiTM attack is over WiFi. In this scenario, cybercriminals intercept a connection directed to a legitimate WiFi hotspot.
Instead of joining the legitimate WiFi network, users connect to the hacker's access point, exposing all of their traffic, and any credentials they enter, to the cybercriminal.
Although this attack often takes place over public WiFi connections, it can also target secured WiFi networks.
Hijacking User Emails:
There are many ways for malicious actors to gain access to email credentials. Commonly, cyberthieves run targeted phishing attacks and convince an unsuspecting user to click on a malicious link or attachment that installs malware.
Hackers can take over a user's web browser and commit a MiTM attack by redirecting that user to a fake website. This is a form of spoofing, which we'll cover in more detail below.
In many cases, the fake site will be a financial one. Once a user enters their credentials, they can be harvested and used to commit fraud.
MiTM spoofing attacks can be carried out in several different ways. As mentioned, hackers can set up fake web pages and steal the information entered into them. With this data, cybercriminals can go ahead and commit fraud.
This process can happen through DNS or ARP spoofing. Both methods redirect traffic meant for a legitimate destination to a machine the attacker controls: DNS spoofing answers a name lookup with a forged IP address, while ARP spoofing forges the link between an IP address and a hardware (MAC) address on the local network.
Hackers also use this technique to spread malware on private, internal networks.
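As an added illustration of how ARP spoofing shows up from a defender's side (example code written for this article, not from the original), the following script scans a constructed log of ARP replies and flags the two tell-tale signs: an IP address whose MAC binding changes, and one MAC address claiming several IPs. The `ip is-at mac` line format and the sample addresses are assumptions for the example.

```python
# Added example, not from the original article: a minimal ARP-spoofing
# detector that tracks IP-to-MAC bindings seen in ARP replies.
# Input lines are constructed samples in the form "<ip> is-at <mac>".
from collections import defaultdict

# Constructed sample ARP replies seen on a LAN. 10.0.0.1 is the gateway; the
# host with MAC ...:ff first announces its own IP and then claims the
# gateway's IP, which is what an ARP spoofing attack looks like on the wire.
SAMPLE_ARP_REPLIES = """\
10.0.0.1 is-at aa:bb:cc:00:00:01
10.0.0.20 is-at aa:bb:cc:00:00:20
10.0.0.1 is-at aa:bb:cc:00:00:01
10.0.0.66 is-at aa:bb:cc:00:00:ff
10.0.0.21 is-at aa:bb:cc:00:00:21
10.0.0.1 is-at aa:bb:cc:00:00:ff
"""

def parse_reply(line):
    """Return (ip, mac) from one 'ip is-at mac' line, or None if malformed."""
    parts = line.split()
    if len(parts) != 3 or parts[1] != "is-at":
        return None
    return parts[0], parts[2].lower()

def detect_arp_spoofing(text):
    """Scan ARP replies in order and return a list of alert strings for
    bindings that change and for MACs that claim more than one IP.
    A legitimate host with several IPs also trips the second rule, so
    treat it as a lead to investigate rather than proof of an attack."""
    bindings = {}                  # ip -> mac first seen for that ip
    ips_by_mac = defaultdict(set)  # mac -> set of ips it has claimed
    alerts = []
    for line in text.splitlines():
        parsed = parse_reply(line)
        if parsed is None:
            continue
        ip, mac = parsed
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"{ip} changed from {known} to {mac}")
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.append(f"{mac} claims multiple IPs: {sorted(ips_by_mac[mac])}")
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print("ALERT:", alert)
```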