Man in the Middle Attack

Man in the Middle Attack

A man-in-the-middle attack (MITM), often referred to as “Monster in the Middle,” is a type of cyber attack where a malicious actor intercepts communication between two parties. These nefarious tactics entail intercepting and tampering with communication between two parties. Granting attackers the ability to covertly monitor and alter messages. The attacker situates themselves within the network pathway linking the communicating parties, enabling eavesdropping, modification, or injection of new data into the communication.

Man-in-the-middle attacks (MITM) can be used for various malicious purposes. Including stealing sensitive information like login credentials or financial data, injecting malware into the communication stream, or impersonating one of the parties to gain unauthorized access to systems or services.

Man in the Middle Attack Scenario

You’re texting your friend to arrange a time and place to meet. She says 2pm at your local coffee shop, but when you get there, she isn’t there. Maybe she is that friend who is always late, so you wait, but still nothing. An hour earlier, your friend was sitting at the Italian restaurant you both love and she was waiting for you. Why were you at two different locations at two different times? Well, your conversation got intercepted by a hacker who was able to read your messages and alter them without you knowing. This is what is called a Man-in-the-Middle attack.

Man in the Middle Attacks

Now, of course you and your childhood friend are not the target of hackers and they don’t really care where you want to meet. The interception attack is of course, not this simple. However, malicious third parties are using this concept to carry out attacks against organizations or specific individuals. A device is needed to perform the attack and there are a variety of different products available for different purposes.

How an Man-in-the-Middle Attack Typically Works

The attacker positions themselves between the communication of two parties. This could be between a user and a website, two devices communicating over a network, etc.

Interception: The attacker intercepts communication between two parties, making them believe they are communicating directly with each other. This can be done through various means, such as exploiting vulnerabilities in network protocols or using spoofing techniques.

Eavesdropping: The attacker can eavesdrop on the data being transmitted, collecting sensitive data such as passwords, credit card numbers, or other confidential data.

Modification: The attacker can alter the data being transmitted. For example, they might modify a legitimate message, redirect a user to a malicious website, or inject malware into the communication.

Impersonation: The attacker can impersonate one or both parties involved in the communication. This allows them to gain unauthorized access to systems or manipulate the communication for their benefit.

Man in the Middle Attack Devices

ATM Attacks

ATMs are prime targets for Man-in-the-Middle Attack thanks to the abundance of cash stored inside of them. A way in which this attack can be carried out is through an ATM black box attack. In this attack, a device (usually containing a Raspberry Pi Zero W computer) will connect between the ATM’s PC and the dispenser. This allows the attacker to send cash dispensing commands to the machine.

Raspberry PI
Raspberry PI Device

This type of attack can be challenging since internal access to the machine is required. Never fear, potential ATM hackers, a simpler way is available and costs only $25 on Amazon (no need for the dark web when it comes to this). This device is known as a GL.iNet and is attached externally to the ATM, but provides the same end result.


But ATMs are such a niche target (ATM Jackpotting Attack), so why should you even be reading this? Well, it’s not just ATMs that are the target. You might be, too. And no, not for the purpose of finding out your lunch plans. Hackers might want to gain access to the organization you work in and may use you to do so.

Man in the Middle Attacks on Organizations and Individuals

At this point, you might think that you are protected. Since, in order to access your organization’s devices and network, you need authentication, maybe even biometric authentication (Biometric Sensors). Well, another Man-in-the-middle (MITM) attack tool is bypassing this, too. A device known as BeagleBone board is able to circumvent even the most sophisticated forms of biometric authentication like palm-vein scanners.


Hak5 Attack Tools

There are plenty more devices that can be used for Man-in-the-middle (MITM) attacks. Hak5 is a company that produces a lot of these hacking tools, such as Packet Squirrel and LAN Turtle, and others. These devices, although differing slightly in functionality, both observe network traffic. A more advanced tool, going by the name of Wifi Pineapple, is letting hackers mimic preferred networks and, in turn, gather intelligence.

Man in the Middle Attack - Packet Squirrel - LAN turtle - Wifi Pineapple
Packet Squirrel – WiFi Pineapple – LAN turtle

Rogue Devices are Overcoming Existing Security Solutions

These Man-in-the-Middle (MITM) Attack tools, or in other words, Rogue Devices, bypass existing security solutions, such as NAC, EPS, IDS, or IoT Network Security. This is due to a lack of physical layer visibility, which means that they go undetected. Hence, in order to evade hardware based attacks, it is essential to avoid using Rogue Devices. Such awareness is even more crucial as hardware-based attacks occur more frequently. With 37% of threats designed for USB exploitation in 2020, nearly double than in 2019 (bad USB devices). Further, as USB usage rose by 30% in 2020, attackers are more likely to be successful (Internal Threats).

MITM Attacks Mitigation

Sepio’s patented technology is the cyber security solution for mitigating risks associated with MiTM attacks. The threat of Man-in-the-Middle (MITM) Attacks is pervasive and evolving. By understanding the tactics employed by attackers and staying vigilant, you can take proactive steps to protect your network and sensitive data.

How Sepio’s Platform Works

Sepio is calculating the individual risk score of all assets on a network (Asset Risk Management). Through a comprehensive analysis of multiple, different risk indicators, each of which contributes a different level of risk to the final score. These risk indicators can be categorized into the following 4 groups in an increased severity order from low to high:

  • Unsupervised asset
  • Asset anomalies (for example, physical layer based Asset DNA mismatch, rare devices, unexpected devices or components, unexpected port speed, etc.)
  • Known vulnerability (device CVE and / or firmware CVE, and / or component CVE)
  • Known attack tool (based on Sepio’s Asset DNA match)

Sepio’s platform provides a comprehensive solution to mitigate cyber security risks. Regain control over your network assets, and ensure the security of your organization. Take the necessary measures to safeguard against MiTM attacks and maintain the security of your network infrastructure.

This blog was not meant to scare you. But to make sure that you are more vigilant towards the savvy ways hackers are manipulating you.

See every known and shadow asset. Prioritize and mitigate risks.
Schedule a demo. Our experts will help you understand how protect your network against man-in-the-middle attacks and control of your asset risks.

January 25th, 2021