Course 7 - Interception Attacks
An interception attack is an attack based on intercepting data in transit. Interception can be used to aid in many different attacks, such as spoofing. Packets can be intercepted before being altered, leading to spoofing. Interception is also an attack in its own right. Let's look at some types of interception attacks:
*Note: it is recommended that you look at Course 10 before reading about the following attacks.
Man-in-the-Middle (MITM): A man-in-the-middle attack is when an attacker “places” themselves in a line of communication between devices to eavesdrop on or alter messages. In a way, this is a form of spying. If an attacker alters header information, such as the source IP address, this is more likely to be considered spoofing aided by interception. However, changing the payload instead is more closely related to interception.
Man-in-the-Browser (MITB): Man-in-the-browser is a MITM attack where an attacker uses malware on a web browser to spy on a target's online affairs. This can be used to relay information back to attackers or allow attackers to tamper with the target's activities. A common example of MITB involves financial information, which MITB malware often picks up and sends back to the attacker. One difference between MITB and MITM is that they work at different layers. Being in the browser, MITB is an application layer attack. MITM is a network layer attack.
Proxy Servers: Proxy servers are generally used as a network layer defense mechanism to check for alteration in packets as they travel through a network. However, malicious proxy servers can be created and placed in networks to intercept traffic. Furthermore, proxy servers can be hijacked by attackers, turning them into malicious devices.
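The header-versus-payload distinction from the MITM entry, and the alteration check mentioned in the proxy entry, can be shown with keyed integrity tags. This is an added example, not part of the original course; the HMAC scheme, the shared key, the packet layout, and all names and addresses are constructed assumptions.

```python
import hashlib
import hmac
import json

SHARED_KEY = b"constructed-demo-key"  # constructed; known only to sender and checker

def _tag(key, label, obj):
    # The label keeps a header tag from ever being accepted as a payload tag.
    data = label.encode() + b"|" + json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def seal(header, payload, key=SHARED_KEY):
    """Sender: tag the header, the payload, and the two bound together."""
    return {
        "header": header,
        "payload": payload,
        "tags": {
            "header": _tag(key, "header", header),
            "payload": _tag(key, "payload", payload),
            "packet": _tag(key, "packet", [header, payload]),
        },
    }

def classify(pkt, key=SHARED_KEY):
    """Receiver or inspecting proxy: report which part changed in transit."""
    def ok(name, obj):
        return hmac.compare_digest(pkt["tags"].get(name, ""), _tag(key, name, obj))
    if ok("packet", [pkt["header"], pkt["payload"]]):
        return "intact"
    header_ok = ok("header", pkt["header"])
    payload_ok = ok("payload", pkt["payload"])
    if header_ok and payload_ok:
        return "spliced"          # valid parts taken from two different packets
    if header_ok:
        return "payload altered"  # interception with tampering
    if payload_ok:
        return "header altered"   # spoofing aided by interception
    return "both altered"

def demo():
    """Run the checker over constructed packets (documentation-range addresses)."""
    sent = seal({"src": "192.0.2.10", "dst": "192.0.2.20"}, "transfer 100 to A")
    other = seal({"src": "192.0.2.10", "dst": "192.0.2.20"}, "transfer 5 to C")
    spoofed = {**sent, "header": {**sent["header"], "src": "192.0.2.99"}}
    tampered = {**sent, "payload": "transfer 900 to B"}
    spliced = {**sent, "payload": other["payload"],
               "tags": {**sent["tags"], "payload": other["tags"]["payload"]}}
    return [classify(p) for p in (sent, spoofed, tampered, spliced)]
```

The whole-packet tag is what makes the check sound: separate header and payload tags alone would accept a header and a payload stitched together from two different valid packets.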
If you haven't already noticed, interception attacks share a lot of characteristics with spyware, and are quite synonymous with spying. Considering this, interception becomes a much more dangerous cyberattack.