March 2026
 

Man-in-the-Middle (MITM) Attack: What It Is and How to Protect Yourself?

A Man-in-the-Middle (MITM) attack is a cyberattack in which the attacker secretly positions themselves between two systems or users who believe they are communicating directly with one another. The attacker is then able to intercept, read or alter communications without the system or the victim being aware, making everything appear to function normally. These attacks exploit unencrypted connections, outdated protocols or weaknesses in certificate validation, and can result in the theft of data, credentials and unauthorised access to systems.

MITM attacks continue to have a significant financial impact worldwide. According to technical cybersecurity reports, this type of attack is associated with around 15–20% of successful cyber incidents, particularly in the context of communication interception and credential theft. Global losses may exceed €2.2 billion per year, according to the Mest Journal, taking into account direct fraud losses, incident response costs, system recovery and legal expenses.


In Portugal, cyberattacks in general have been increasing consistently, with organisations reporting figures above the European average. According to data from Microsoft, the country ranks 12th in Europe in terms of the number of cybersecurity incidents, confirming the global trend of increasingly sophisticated attacks.

How to Protect Yourself Against MITM Attacks
  • Avoid public Wi-Fi networks. However, if you must use them, use a trusted VPN, avoid open networks without a password and remove public networks from your phone or PC after use to prevent your devices from reconnecting automatically later without your knowledge.
  • Only use websites with valid certificates and never ignore certificate warnings. If your browser says “your connection is not private” or displays a certificate error, do not proceed.
  • Enable multi-factor authentication (MFA). Using authentication apps, physical security keys or passkeys can reduce the time window and impact of a MITM attack. Even if an attacker intercepts your username and password, they generally do not have physical access to your device nor control the out-of-band channel through which a push notification is sent.
  • Keep your operating system, browsers and applications up to date, and enable antivirus software, firewalls and intrusion detection systems.
  • Be particularly cautious with suspicious links sent via email. These are sometimes used during the MITM process to capture login credentials or, in more advanced cases, certain types of MFA.

MITM attacks exploit unencrypted connections, obsolete protocols, failures in certificate validation or other configuration weaknesses. They can result in the theft of data and credentials, as well as unauthorised access to systems.
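For teams that build client software, the three weaknesses named above can be checked in code. The following is an added example, not part of the original article: it audits a Python TLS client setup for an unencrypted URL, disabled certificate or hostname validation, and a minimum protocol version below TLS 1.2. The function names, the finding strings and the `example.test` URL are assumptions made for illustration.

```python
import ssl
from urllib.parse import urlsplit


def hardened_context() -> ssl.SSLContext:
    """Client context that validates the certificate chain and the hostname."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse obsolete protocol versions
    return ctx


def weak_context() -> ssl.SSLContext:
    """The misconfiguration to look for in code review: validation switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE               # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_client(url: str, ctx: ssl.SSLContext) -> list[str]:
    """Return the MITM-relevant weaknesses of a URL plus TLS context pair."""
    if urlsplit(url).scheme.lower() != "https":
        # Plain HTTP: the TLS settings never come into play.
        return ["unencrypted connection"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate not validated")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("outdated protocol allowed")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; example.test is a reserved, non-routable name.
    for label, url, ctx in [
        ("hardened", "https://example.test/login", hardened_context()),
        ("weak", "https://example.test/login", weak_context()),
        ("plain http", "http://example.test/login", hardened_context()),
    ]:
        print(f"{label}: {audit_client(url, ctx) or 'no findings'}")
```

An empty list means none of the three weaknesses is present in the client configuration; it says nothing about the server side or the network path.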

 
