Date First Published: 27th June 2022
Topic: Cybersecurity
Subtopic: Threats To Systems, Data & Information
Article Type: Computer Terms & Definitions
Difficulty: Medium
Difficulty Level: 6/10
Learn more about what a MITM attack is in this article.
MITM stands for man-in-the-middle. A MITM attack is a type of cyberattack where an attacker positions themselves between a user and a server and intercepts the communications passing between the two parties. This allows the attacker to eavesdrop in order to steal sensitive information, such as passwords and card numbers, and to modify information in the communications. For example, connecting to an unencrypted Wi-Fi network will make it easy for an attacker to perform a MITM attack.
Man-in-the-browser (MITB) attacks occur when attackers focus on browser infection and inject malicious proxy malware onto the victim's device.
MITM attacks work by attackers inserting themselves in the middle of data communications. Attackers usually install a packet sniffer to identify any insecure network traffic, such as an HTTP-based website. This allows the attacker to retrieve the user's information and redirect them to a fake website to capture their details once the user logs into the insecure website. An example of a MITM attack is:
Authentication helps prevent MITM attacks. Security protocols used on the internet, such as TLS, authenticate one or both parties using a trusted certificate authority. Some TLS certificates may encrypt data with a secret key that only the client and the server know. Attackers will not be able to read or interfere with the encrypted data without knowing the secret key. Not connecting to unsecured or unencrypted Wi-Fi networks is also helpful for preventing MITM attacks.
In order for attackers to steal sensitive information, MITM attacks can be performed in all sorts of ways. These include: