What is a Man-in-the Middle Attack?

A man-in-the-middle (MITM) attack is a type of cyberattack in which a cybercriminal secretly intercepts communication between two parties, therefore being “in the middle” of their messages. In this attack, the interceptor often will relay the messages to their intended destination to avoid suspicion until they gain something of value. The cybercriminal may alter the communications, manipulating the conversation to their favor. This may appear as a conversation with coworkers, friends, or family, or even impersonating an organization or website, such as a financial institution.

How Does a Main-in-the-Middle Attack Occur?

Cybercriminals will typically perform a man-in-the-middle attack in two distinct phases: interception and decryption.

With a conventional MITM attack, a cybercriminal needs to gain access to an unsecured Wi-Fi router, or one that is easily breached. These connections are commonly found in restaurants and public buildings with free Wi-Fi. This is even a concern for personal hotspots that are and home networks that are not password protected. These attackers are able to scan a router to search for any vulnerabilities such as a weak password.

Once attackers discover a vulnerable router, they can utilize tools to intercept, read, and alter transmitted data. Attackers can then also place these tools in between the victim’s computer and any websites the user visits. This allows them to capture credentials and any other sensitive information that is entered.

After interception, the victim’s stolen encrypted data must then be unencrypted (or the data is not very useful, one could imagine). This second phase of an MITM attack is called decryption. Decrypted data can be leveraged for a multitude of purposes, such as identity theft, fraudulent purchases, or accessing more appealing company information.