Adversary in the Middle (AITM) Attack (formerly referenced as Man-in-the-Middle) is a technical term for when a hacker positions himself in a conversation between a user and an application; either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway. The main goal of these attacks is to steal sensitive information from the victims, such as login credentials to online accounts such as email, banking, or virtual private network.
Often these attacks occur on rogue Wi-Fi networks masquerading as the local businesses real Wi-Fi. Unsuspecting users connect to the fake Wi-Fi network and their traffic is intercepted and inspected for these juicy authentication details.
Fortunately, most websites have established https requirements which can hide authentication information unless the hacker is using an HTTPS proxy combined with spoofed DNS requests. In these cases, the hacker can pretend to be the actual website you’re attempting to log into, however, the SSL certificates can be a dead give-away that something’s amiss.
These types of attacks are often paired with phishing attacks and attempt to convince users to click malicious links or enter in personal data on a fake webpage to steal their personal information. These fake websites can have legitimate SSL certificates that avoid the earlier mentioned SSL certificate issue that comes with spoofing a legitimate website address in DNS.
Source: Imperva
Additional Reading:
- Man-in-the-Middle Attacks: A Growing But Preventable Mobile Threat
- Wiki Leaks reveals CIA’s Man-in-the-Middle Attack Tool
Related Terms:
What does this mean for an SMB?
- Avoid Public, Unprotected WiFi networks;
- Ensure websites you are using are secured with HTTPS protocols;
- Log out of applications when not using them;
- Use a VPN to secure and encrypt your connection whenever dealing with sensitive information or transactions.