Security News > 2023 > May > Ransomware tales: The MitM attack that really had a Man in the Middle

Ransomware tales: The MitM attack that really had a Man in the Middle
2023-05-24 19:59

The UK law enforcement office SEROCU, short for South East Regional Organised Crime Unit, this week reported the peculiar tale of one Ashley Liles, the literal Man in the Middle whom we referred to in the headline.

These days, we usually expand the jargon term MitM to mean Manipulator in the Middle, not merely to avoid the gendered term "Man", but also because many, if not most, MitM attacks these days are performed by machines.

Some techies have even adopted the name Machine in the Middle, but we prefer "Manipulator" because we think it usefully decribes how this sort of attack works, and because sometimes it really is man, and not a machine, in the middle.

A MitM attack depends on someone or something that can intercept messages sent to you, and modify them on the way through in order to deceive you.

As you can imagine, cryptography is one way to avoid MitM attacks, the idea being that if the data is encrypted before it's sent, then whoever or whatever is in the middle can't make sense of it at all.

The attacker would not only need to decrypt the messages from each end to figure out what they meant, but also to re-encrypt the modified messages correctly before passing them on, in order to avoid detection and maintain the treachery.


News URL

https://nakedsecurity.sophos.com/2023/05/24/ransomware-tales-the-mitm-attack-that-really-had-a-man-in-the-middle/