• It is a type of cyber attack where a malicious actor inserts him/her into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. KEY CONCEPTS OF MAN IN MIDDLE ATTACK: • Man-in-the-middle is a type of eavesdropping attack • A MITM attack exploits the real-time processing of transactions, conversations or transfer of other data. • Man-in-the-middle attacks allow attackers to intercept, send and receive data never meant to be for them. MAN IN MIDDLE EXAMPLE: MAN IN MIDDLE ATTACK PREVENTION: • Avoiding WiFi connections that aren’t password protected. • Paying attention to browser notifications reporting a website as being unsecured. • Immediately logging out of a secure application when it’s not in use. • Not using public networks (e.g., coffee shops, hotels) when conducting sensitive transactions. REAL TIME ATTACK: • According to Zdnet3, in 2019 users of Kazakh mobile operators trying to access the internet received text messages indicating that they need to install government-issued root certificates on their mobile and desktop devices. Requiring internet users to install root certificate that belongs to the government could give the government the ability to intercept encrypted HTTPS traffic and perform a MITM attack to break secure communication.