A Man-in-the-Middle (MitM) attack is a form of cyberattack in which an attacker inserts themselves into the communication process and intercepts important data. The attacker can be a passive listener in your conversation, silently stealing your secrets, or an active participant, altering the contents of your messages or impersonating the person or system you think you're talking to.
Most MitM attacks follow a straightforward order of operations, regardless of the specific techniques used in the attack.
In this example, there are three entities: Alice, Bob, and Chuck (the attacker).
1. Chuck covertly listens to a channel where Alice and Bob are communicating.
2. Alice sends a message to Bob.
3. Chuck intercepts and reads Alice's message without Alice or Bob knowing.
4. Chuck alters messages between Alice and Bob, causing unwanted/damaging responses.
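The exchange above, modeled from the defender's side as an added example (not part of the original page): Bob checks an HMAC tag on each message, so the alteration in the last step is rejected. The shared key, the function names, and the sample messages are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: Alice and Bob agreed on this key over a separate, trusted channel.
SHARED_KEY = secrets.token_bytes(32)


def alice_send(message: bytes, key: bytes):
    """Alice sends the message together with an HMAC-SHA256 tag."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def chuck_passive(packet):
    """Chuck reads the message in transit and forwards the packet unchanged."""
    message, _ = packet
    return packet, message  # second value is what Chuck learned


def chuck_active(packet, replacement: bytes):
    """Chuck swaps the message; without the key he cannot recompute the tag."""
    _, tag = packet
    return replacement, tag


def bob_receive(packet, key: bytes) -> bytes:
    """Bob accepts a message only if its tag verifies under the shared key."""
    message, tag = packet
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: message altered in transit")
    return message


def run_exchange():
    sent = alice_send(b"pay Bob 10", SHARED_KEY)  # constructed sample message
    forwarded, overheard = chuck_passive(sent)
    delivered = bob_receive(forwarded, SHARED_KEY)
    try:
        bob_receive(chuck_active(sent, b"pay Chuck 1000"), SHARED_KEY)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return overheard, delivered, tamper_detected


if __name__ == "__main__":
    print(run_exchange())
```

The passive read still succeeds here: a message authentication code detects alteration but does not hide the message, which takes encryption.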
MitM techniques are usually employed early in the cyber kill chain, during reconnaissance, intrusion, and exploitation. Attackers often use MitM to harvest credentials and gather intelligence about their targets.
Multi-factor authentication (MFA) can be an effective safeguard against stolen credentials. Even if your username and password are scooped up by a man-in-the-middle, they'll need your second factor to make use of them. Unfortunately, it's possible to bypass MFA in some cases.