Cyber-attacks have been a significant threat to cyberspace for decades. They started as the innocuous pranks of the Creeper and Reaper in 1970, when Bob Thomas created the first computer virus. He coded a program that could move between computers and display the message "I'm the creeper: catch me if you can!" when it landed on a computer.
In response to his prank, his friend and co-worker Ray Tomlinson coded a similar program with an additional feature that made it replicate as it moved from one computer to another. Ray Tomlinson's program eliminated the 'Creeper,' and his code has been known as the 'Reaper' ever since.
Cyber-attacks evolved from there to denial-of-service –DoS– created by Robert Morris in 1989, before the "virus era" of the '90s, which gave birth to cybersecurity. Today, cyber-attacks have taken a new criminal course, with attackers attempting to take control of computer resources for self-aggrandizement. One of the most devastating cyber-attacks today is the man-in-the-middle attack.
A man-in-the-middle attack is a cyber-attack in which an adversary covertly intercepts and relays messages between two users or machines who believe they are communicating directly with one another. The perpetrator positions himself between the two parties' communication in order to eavesdrop on it or to impersonate either of them.
This attack can also be staged during data transfer to obtain personal details such as credit card numbers, account information, and login credentials. It poses a massive threat to cybersecurity, since users of financial applications, SaaS companies, e-commerce websites, and other websites that require signing in are often the targets.
A MiTM attack is sometimes referred to as a machine-in-the-middle, monkey-in-the-middle, monster-in-the-middle, or man-in-the-browser attack. The man-in-the-browser –MiTB– attack is the most prevalent type of MiTM attack; here adversaries focus on infecting the browser, introducing malicious proxy malware –through phishing– onto the target's computing device.
MiTM attacks are categorized into passive and active attacks.
• Passive Attacks: A passive MiTM attack is one in which the adversary covertly observes communications without interfering. The attacker only eavesdrops on communications without modifying them. Data gathered during passive attacks can be used to launch an active attack.
• Active Attacks: An active attack is one in which the adversary intercepts communications and alters them. Here, the attacker stands as a bridge between the two users or machines.
There are two stages of a MiTM attack: the interception stage and the decryption stage.
Interception Stage
The interception stage involves the adversary intercepting communications between users, or data between a user and a server. The intruder deceives the parties involved into thinking they are communicating directly, while intercepting the communication by acting as a proxy that can read and alter it. The steps involved in interception are:
i. The intruder first deploys a packet sniffer to detect vulnerable network traffic, such as a user on an unsecured public hotspot or accessing an HTTP-based page.
ii. When the target logs into the insecure website, the intruder obtains the user's information and redirects him to a phony website.
iii. The phony website mirrors the real one and captures all relevant user information. The attacker subsequently uses the captured data to access valuable resources on the real website.
Decryption Stage
The intercepted data is decoded in the decryption stage. This crucial stage allows the intruder to finally decode the data and use it to their advantage, for example to commit identity theft or to interfere with business processes, such as fraudulently receiving payments.
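As an added defender's example (not code from the original article), the following Python flags the two observable precursors of the interception stage over a few constructed log lines: a credential submission over plain HTTP (step i) and a redirect from a legitimately owned host to a look-alike host (step ii). The simplified log format, the trusted-host list and the brand-label heuristic are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs
# Constructed sample lines in a simplified proxy-log format (not real traffic):
# "<method> <url> <status> <Location header or ->"
SAMPLE_LOG = [
    "POST http://bank.example.com/login 302 Location: http://bank-example-login.net/verify",
    "GET https://bank.example.com/account 200 -",
    "POST https://shop.example.com/checkout 200 -",
    "POST http://shop.example.com/signin?user=alice&password=hunter2 200 -",
]
# Hosts the organisation legitimately owns (an assumption made for this example);
# reuse of their brand label ("bank", "shop") by an untrusted host is the look-alike signal.
TRUSTED_HOSTS = {"bank.example.com", "shop.example.com"}
BRAND_LABELS = {h.split(".")[0] for h in TRUSTED_HOSTS}
CREDENTIAL_KEYS = {"user", "username", "password", "passwd", "pass", "card", "cvv"}
LOGIN_PATHS = ("login", "signin", "auth")
LINE_RE = re.compile(r"^(\w+) (\S+) (\d{3}) (?:Location: (\S+)|-)$")

def is_cleartext_login(method, url):
    """Step i of the interception stage: a credential submission over plain HTTP."""
    parts = urlsplit(url)
    if method.upper() != "POST" or parts.scheme != "http":
        return False
    keys = {k.lower() for k in parse_qs(parts.query)}
    return bool(keys & CREDENTIAL_KEYS) or any(p in parts.path.lower() for p in LOGIN_PATHS)

def is_lookalike_redirect(location):
    """Step ii: a redirect to a host that is not trusted but reuses a trusted brand label."""
    host = (urlsplit(location).hostname or "").lower() if location else ""
    if not host or host in TRUSTED_HOSTS:
        return False
    return any(label in host for label in BRAND_LABELS)

def analyze(lines):
    """Return (line_index, finding) pairs for the two MiTM indicators above."""
    findings = []
    for i, line in enumerate(lines):
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed format
        method, url, _status, location = m.groups()
        if is_cleartext_login(method, url):
            findings.append((i, "cleartext-login"))
        if is_lookalike_redirect(location):
            findings.append((i, "redirect-to-lookalike"))
    return findings

if __name__ == "__main__":
    for idx, finding in analyze(SAMPLE_LOG):
        print(f"line {idx}: {finding}: {SAMPLE_LOG[idx]}")
```

On the constructed sample, line 0 triggers both findings and line 3 triggers the cleartext-login finding; the HTTPS lines produce nothing, which is the point of moving logins off plain HTTP.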
Cybercrime and the exploitation of security flaws are becoming more complex as our digitally connected environment continues to develop. To protect yourself from man-in-the-middle attacks and other forms of cybercrime, it is essential to educate yourself on cybersecurity best practices. At the very least, having a powerful antivirus program installed on your computer helps keep your data safe and secure.