A Man-in-the-Middle (MiM) attack is a unique type of session hijacking that many companies face during the flow of communication data between client and server. This occurs when a malicious attacker is able to trick the client into believing he is the server and he tricks the server into believing he is the client. In this manner, the attacker is able to access and manipulate information that is intended to be communicated between the client and server only.
There are many different types of sites that are targeted by MiM attacks, but attackers typically target sites such as banks or other financial institutions which can be used for commercial profit. The attacker uses the MiM attack to gain access to the communication flow of sensitive data.
The effects of MiM attacks on companies
If an attacker is able to successfully pull off a MiM attack, he will have access to the flow of company data between two points. The attacker can manipulate this data for his own benefit. For instance, if a MiM attacker has successfully breached the communication flow between the company server and a financial institution, he may be able to manipulate the data in order to have funds transferred to his bank instead of the intended account.
Let's say that a company employee is attempting to withdraw money to his account. The employee sends the account number across the internet to the financial institution servers which will process the command. The MiM attacker intercepts the flow of data and changes the account number from the employee's account number to another account number. The malicious command is then sent to the financial institution which then processes the request of withdrawing money to the wrong account.
How to avoid MiM attacks
A vulnerability scan is the most common method for detecting malicious code and vulnerabilities. The problem with vulnerability scanners is that they only find specific vulnerabilities. Penetration testing is a more effective method as it utilizes the services of skilled hackers who attempt every possible type of attack they know to find vulnerabilities in the source code. After years of extensive application development and testing, today's top SAST providers have developed effective vulnerability testing to locate these vulnerabilities.
