Man-in-the-middle attack
Man-in-the-middle (MITM) attack is a general term for an attack in which a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.
The goal of an attack is to steal personal information, such as login credentials, account details, and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites, and other websites where logging in is required.
Information obtained during an attack could be used for many purposes, including identity theft, unapproved fund transfers, or an illicit password change.
Additionally, it can be used to gain a foothold inside a secured perimeter during the infiltration stage of an advanced persistent threat (APT) assault.
Broadly speaking, a MITM attack is the equivalent of a mailman opening your bank statement, writing down your account details, and then resealing the envelope and delivering it to your door.
Blocking MITM attacks requires several practical steps on the part of users, as well as a combination of encryption and verification methods for applications.
For users, this means:
- Avoiding Wi-Fi connections that aren’t password protected.
- Paying attention to browser notifications reporting a website as being unsecured.
- Immediately logging out of a secure application when it’s not in use.
- Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions.