Examples of MITM Attacks
Although the central concept of intercepting an ongoing transfer remains the same, there are several different ways attackers can implement a man-in-the-middle attack.
Scenario 1: Intercepting Data
- The attacker installs a packet sniffer to analyze network traffic for insecure communications.
- When a user logs in to a site, the attacker retrieves their user information and redirects them to a fake site that mimics the real one.
- The attacker’s fake site gathers data from the user, which the attacker can then use on the real site to access the target’s information.
In this scenario, an attacker intercepts a data transfer between a client and server. By tricking the client into believing it is still communicating with the server and the server into believing it is still receiving information from the client, the attacker is able to intercept data from both as well as inject their own false information into any future transfers.
Scenario 2: Gaining Access to Funds
- The attacker sets up a fake chat service that mimics that of a well-known bank.
- Using knowledge gained from the data intercepted in the first scenario, the attacker pretends to be the bank and starts a chat with the target.
- The attacker then starts a chat on the real bank site, pretending to be the target and passing along the needed information to gain access to the target’s account.
In this scenario, the attacker intercepts a conversation, passing along parts of the discussion to both legitimate participants.
Real-World MITM Attacks
In 2022, Dutch registrar site DigiNotar was breached, which enabled a threat actor to gain access to 500 certificates for websites like Google, Skype, and others. Access to these certificates allowed the attacker to pose as legitimate websites in a MITM attack, stealing users’ data after tricking them into entering passwords on malicious mirror sites. DigiNotar ultimately filed for bankruptcy as a result of the breach.
In 2022, credit score company Equifax removed its apps from Google and Apple after a breach resulted in the leak of personal data. A researcher found that the app did not consistently use HTTPS, allowing attackers to intercept data as users accessed their accounts.
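A defender's counterpart to Scenario 1 and to the Equifax finding above is to audit an application's own captured traffic for credentials that travel without TLS, the "insecure communications" a sniffer would pick out. This is an added example, not code from the original article; the raw request snippets, the hypothetical `app.example` host and the `tls` flag are constructed.

```python
"""Flag credential-bearing HTTP requests that were sent without TLS."""
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import parse_qs

# Form fields and headers that carry login or session material.
SENSITIVE_FIELDS = {"password", "passwd", "pin", "token", "ssn"}
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}


@dataclass
class Finding:
    host: str
    path: str
    reason: str


def parse_request(raw: str) -> Tuple[str, str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def audit(raw: str, tls: bool) -> List[Finding]:
    """Return one Finding per credential element exposed on a plaintext connection."""
    _method, path, headers, body = parse_request(raw)
    if tls:
        return []  # encrypted in transit: not readable by a passive sniffer
    host = headers.get("host", "?")
    findings = []
    for name in sorted(SENSITIVE_HEADERS & set(headers)):
        findings.append(Finding(host, path, f"header '{name}' over plaintext"))
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for field in parse_qs(body):
            if field.lower() in SENSITIVE_FIELDS:
                findings.append(Finding(host, path, f"form field '{field}' over plaintext"))
    return findings


# Constructed samples: a login form post and an authenticated API call.
SAMPLE_LOGIN = ("POST /login HTTP/1.1\r\nHost: app.example\r\n"
                "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                "user=alice&password=hunter2")
SAMPLE_API = ("GET /account HTTP/1.1\r\nHost: app.example\r\n"
              "Authorization: Bearer abc123\r\nCookie: session=xyz\r\n\r\n")

if __name__ == "__main__":
    for sample in (SAMPLE_LOGIN, SAMPLE_API):
        for finding in audit(sample, tls=False):
            print(f"{finding.host}{finding.path}: {finding.reason}")
```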
Interactions Susceptible to MITM Attacks
Any improperly secured interaction between two parties, whether it’s a data transfer between a client and server or a communication between two individuals over an internet messaging system, can be targeted by man-in-the-middle attacks. Logins and authentication at financial sites, connections that should be secured by public or private keys, and any other situation where an ongoing transaction could grant an attacker access to confidential information are all susceptible.