A man-in-the-middle (MITM) attack is a sophisticated cyber attack in which an attacker intercepts the communication between two parties, usually without either of them realising it. The attacker can then read, modify or even redirect the data exchanged.
An MITM attack occurs when a cybercriminal secretly interposes themselves between a user and a web application, intercepting and potentially modifying their communication. The main aim is to surreptitiously collect sensitive information such as personal data, passwords and bank details.
Features
- CATEGORY: 🔴 Attack
- FREQUENCY: 🔥🔥
- DANGER: 💀💀💀💀
- DIFFICULTY OF ERADICATION: 🧹🧹🧹🧹
How it works
An MITM attack generally takes place in two phases:
- Interception phase: the attacker gains access to the network, often via a poorly secured Wi-Fi router or by manipulating DNS servers.
- Decryption phase: the intercepted data is decrypted and exploited by the attacker.
👉 Common man-in-the-middle attack techniques
- IP address spoofing: the attacker poses as a legitimate machine on the network, intercepting traffic destined for the victim.
- ARP spoofing: the attacker fools devices on a network into believing that the attacker's machine is another machine, in order to divert network traffic.
- DNS poisoning: by modifying DNS records, the attacker redirects traffic to a fake server under the attacker's control.
- Fake Wi-Fi access points (evil-twin attack): the attacker sets up a rogue Wi-Fi access point, an "evil twin", that imitates a legitimate one.
- Attacks on Wi-Fi access points: unsecured public Wi-Fi networks, such as those in cafés, hotels and airports, are prime targets for MITM attacks.
- Use of illegitimate SSL certificates.
- Protocol interception: protocols such as HTTP, HTTPS, FTP, etc., can be targeted to intercept data in transit.
- Attacks on encryption keys: the attacker may attempt to steal or compromise the encryption keys used to secure communications.
💥 Consequences of an MITM attack
- Theft of sensitive data: passwords, credit card numbers, personal information.
- Identity theft: the attacker can impersonate another person to commit fraud.
- Data corruption: the attacker can modify the data exchanged to cause confusion or damage.
- Deployment of malicious software: the attacker can inject malicious code into the communication to take control of the systems.
MITM attacks are particularly dangerous because they can go undetected for a long time, allowing attackers to collect a large amount of sensitive data.
👉 Example
A recent example of an MITM attack is the TrickBot module called shaDll, identified by CrowdStrike. This module installed illegitimate SSL certificates on infected computers, which gave the attackers access to the user's network and allowed them to redirect web activity, inject code and collect data.
💉 Protection and remedies
- Use strong passwords and change them regularly
- Enable multi-factor authentication (2FA or MFA)
- Deploy robust encryption protocols
- Use a virtual private network (VPN)
- Avoid unsecured public Wi-Fi networks
- Check the authenticity of SSL certificates
- Use HTTPS connections only
- Keep operating systems and software up to date
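As an added illustration of the ARP spoofing technique listed above and of what a defender can check for on a local network (example code written for this page, not from the original article): the script compares two constructed ARP-cache snapshots in `arp -n` format and flags the two usual symptoms of a poisoned cache, a changed gateway MAC and one MAC answering for several IPs. The gateway address 192.168.1.1 and every MAC address below are made-up sample values.

```python
import re
from collections import defaultdict

# "ip  [ether]  mac ..." as printed by `arp -n` on Linux; header lines do not match.
ARP_LINE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(?:ether\s+)?([0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)

def parse_arp_table(text):
    """Return {ip: mac} from arp -n style output; lines that do not parse are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_duplicate_macs(table):
    """MACs answering for more than one IP (e.g. a host claiming the gateway's IP too)."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def gateway_mac_changed(before, after, gateway_ip):
    """True if the gateway's MAC differs between two snapshots (poisoned cache)."""
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    return old is not None and new is not None and old != new

def audit(before_text, after_text, gateway_ip="192.168.1.1"):
    """Return human-readable findings; an empty list means nothing suspicious."""
    before, after = parse_arp_table(before_text), parse_arp_table(after_text)
    findings = []
    if gateway_mac_changed(before, after, gateway_ip):
        findings.append(f"gateway {gateway_ip} MAC changed {before[gateway_ip]} -> {after[gateway_ip]}")
    for mac, ips in find_duplicate_macs(after).items():
        findings.append(f"MAC {mac} answers for several IPs: {', '.join(ips)}")
    return findings

# Constructed snapshots (not real captures): in the second, 192.168.1.20's MAC has taken over the gateway entry.
SNAPSHOT_BEFORE = """\
192.168.1.1    ether   aa:bb:cc:00:00:01   C   eth0
192.168.1.20   ether   de:ad:be:ef:00:20   C   eth0
"""
SNAPSHOT_AFTER = """\
192.168.1.1    ether   de:ad:be:ef:00:20   C   eth0
192.168.1.20   ether   de:ad:be:ef:00:20   C   eth0
"""

for finding in audit(SNAPSHOT_BEFORE, SNAPSHOT_AFTER):  # prints two alerts for the sample data
    print("ALERT:", finding)
```

On a real host the two snapshots would come from running `arp -n` some time apart; a static ARP entry for the gateway, or switch-side dynamic ARP inspection, is the usual mitigation once such a change is confirmed.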