How to Defend Yourself From the ‘Man in the Middle’

By Matt Lindley, COO and CISO at NINJIO

Cybersecurity is an issue that many people ignore until a cyberattack suddenly upends their day-to-day digital routine. This is why cybersecurity has to be built into those routines – no matter what you’re doing online, cybercriminals are constantly on the lookout for ways to steal your information and use it against you. Everyone has to be aware of the most common cyberattacks and what can be done to stop them.

One of the most destructive and pervasive cyber-threats today is called a “man in the middle attack” (or MITM), in which hackers interdict interactions with legitimate websites and other digital services to infiltrate personal accounts, gain access to sensitive personal information, and steal money. Although MITM attacks are often carried out with sophisticated malware that allows a hacker to eavesdrop on conversations and intercept sensitive data, many of these attacks rely on various forms of social engineering to provide entry points that allow cybercriminals to install this malware on victims’ computers.

Because MITM attacks can be executed across a wide range of attack vectors, they reinforce the importance of cybersecurity on many different levels. While MITM attacks expose a long (and growing) list of vulnerabilities, there are also a few general principles that mitigate the risk across the board. With that in mind, let’s take a closer look at how MITM attacks function, why they pose such a serious threat, and what can be done about them.

How do ‘man in the middle’ attacks work?

While MITM attacks exploit many different vulnerabilities, the strategy is always fundamentally the same: trick victims into thinking they’re engaging with a legitimate organization (such as a company or public agency) and convince them to disclose sensitive material or download malware. Some MITM attacks rely on fake websites and interactions to steal information directly, while others impersonate companies and institutions (such as banks) to send fraudulent instructions for, say, wire transfers.

MITM attacks can take the form of phishing scams, the unauthorized use of account credentials, and the exploitation of gaps in digital security. IBM’s 2020 Threat Intelligence Index found that these attack vectors accounted for 90 percent of initial access points used by cybercriminals in 2019. Some MITM attacks even use monitoring software capable of picking up login credentials and other information when users are on legitimate websites.

No matter how MITM attacks are deployed, they depend on deception and manipulation. This is why cybersecurity awareness is so crucial. It doesn’t just teach people to use digital security tools that can prevent scammers from hacking into their devices – it puts them on alert and helps them identify suspicious requests, strange domains, and other warning signs that someone is trying to trick them and steal their information.

The most common types of MITM attacks

The MITM category encompasses a broad range of attacks, from spoofing to more direct forms of infiltration. A Norton report outlines seven major types of MITM attacks: IP spoofing, DNS (domain name system) spoofing, HTTPS spoofing, SSL (secure sockets layer) hijacking, email hijacking, Wi-Fi eavesdropping, and stolen browser cookies. This extensive list is a reminder that scammers and other cybercriminals who use MITM attacks are always searching for ways to deceive and defraud new victims, and they’re capable of exploiting many different security gaps to accomplish their goals.

MITM attackers also take advantage of many different platforms. According to a 2019 Zimperium report, MITM attacks comprise a staggering 93 percent of network attacks and 86 percent of all attacks on mobile devices. The rapidly expanding Internet of Things (IoT) has also opened up a new universe of vulnerabilities to MITM attackers, and companies’ security practices aren’t keeping pace. For example, some connected devices (such as smart appliances) could have weaker security protocols than users’ smartphones or laptops, which would provide an entry point for hackers to infect larger networks.

MITM attacks capitalize on the fact that our digital connections and interactions are multiplying every day. From the increasing number of ways consumers communicate with companies (through email, chatbots, etc.) to all the connected devices we use, the digital landscape has never been more tantalizing for MITM attackers. However, the vast majority of MITM attacks can be thwarted – we just have to know what to look for.

Cutting out the middleman

Recall Norton’s list of MITM attacks. Don’t let all the technical-sounding acronyms fool you – anyone can be trained to identify MITM attacks and avoid becoming a victim. For example, you’ll notice that the word “spoofing” comes up frequently in reports about MITM attacks. This is a type of cyberattack in which hackers impersonate a legitimate entity (by creating a dummy website, for instance) to convince users that it’s safe to input sensitive information.

But the only way this attack can succeed is if hackers convince their target to click on a malicious link that leads them to the phony website. This is why it’s always important to manually enter the address in your browser, especially if you’re going to a website (such as a bank’s) that asks for sensitive personal information. You should also be on the lookout for signs that something isn’t right, such as “HTTP” instead of “HTTPS” in your address bar. It’s always a good idea to be suspicious of links and attachments you receive via email, particularly if they prompt you to update your login credentials or input other sensitive information.
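As an added example (not code from the article or from NINJIO), here is a small defender-side checker that applies the warning signs above to the links in an e-mail: plain HTTP, a displayed address that differs from the real link target, and look-alike domains. The trusted-domain set and the sample e-mail are constructed assumptions.

```python
"""Flag e-mail links that show the warning signs the article lists.
Constructed example; TRUSTED and EMAIL are assumed sample values."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"bank.example"}  # assumed: domains the reader actually does business with

# Constructed phishing-style message: one disguised link, one genuine, one look-alike.
EMAIL = """<p>Your account needs attention.</p>
<a href="http://bank.example.login-verify.test/">https://bank.example/login</a>
<a href="https://bank.example/">bank.example</a>
<a href="https://secure-bank-example.test/reset">Reset password</a>
"""

class _Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag."""
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
    def handle_data(self, data):
        if self._href is not None:
            self.links.append((self._href, data.strip()))
            self._href = None

def link_warnings(html):
    """Return a list of (href, reason) for every link a reader should distrust."""
    parser = _Links()
    parser.feed(html)
    out = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        if urlparse(href).scheme != "https":          # "HTTP instead of HTTPS"
            out.append((href, "not HTTPS"))
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())  # domain the reader sees
        if shown and shown.group(0) != host and not host.endswith("." + shown.group(0)):
            out.append((href, f"text shows {shown.group(0)} but link goes to {host}"))
        for trusted in TRUSTED:                         # crude look-alike check: brand name
            if host != trusted and not host.endswith("." + trusted) \
                    and trusted.split(".")[0] in host:  # reused on an unrelated domain
                out.append((href, f"look-alike of {trusted}"))
    return out

if __name__ == "__main__":
    for href, reason in link_warnings(EMAIL):
        print(f"{reason}: {href}")
```

Running it on the constructed message flags the first and third links and leaves the genuine bank.example link alone.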

To avoid becoming a victim of a MITM attack, employees should also be mindful of what they’re sharing via text message and email, or with chatbots, online forms, and other digital communications tools. Minimize the amount of sensitive information you share on any digital communications platform, confirm the veracity of requests with phone calls or in-person wherever possible, use trusted encryption resources, and make sure you know exactly who you’re communicating with.

One of the most common MITM attack vectors is unsecured public WiFi, which is why the use of a VPN is essential if you’re going to be working in coffee shops, airports, and other public places. Home networks can also be riskier than secure work networks, and with millions of Americans working from home for the first time amid COVID-19, it’s extra important to make sure all your security software is up to date. And don’t forget about other connected devices – always research the IoT products you buy to check for known security vulnerabilities and keep their software updated. The last thing you want is for a compromised smart fridge or home entertainment system to open up all the other devices on your network to attack.

At a time when we’re more connected than ever before, it’s vital to remember that these connections extend to bad actors who never stop devising new ways to infiltrate our networks and steal our information. But we should also remember that cybersecurity education and awareness can help us cut out the middleman.

Matt Lindley is the COO of NINJIO, and he has more than a decade and a half of experience in the cybersecurity space. Prior to NINJIO, Matt was the CEO of REIN Cybersecurity, LLC., the senior technology manager and director of security services at Cal Net Technology Group, and the virtual CIO at Convergence Networks. He has held many other leadership positions in the industry, and he’s an authority on IT, security, and a broad range of other issues.

Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.