FIREWALL AS THE FIRST LINE OF DEFENSE AGAINST MITM ATTACKS

Zoran Čekerevac

Abstract


The network firewall represents the first line of defense against Man-in-the-Middle (MitM) attacks, which threaten the confidentiality, integrity, and authenticity of digital communications. This paper offers a systematic classification of core MitM techniques—ranging from ARP poisoning and DNS spoofing to HTTPS degradation (SSL stripping) and session hijacking—alongside specialized variants targeting cloud services, browsers, mobile applications, and IoT devices. Particular attention is given to vulnerabilities in VPN infrastructure, where centralized traffic decryption creates high-value targets, as well as weaknesses in IoT ecosystems due to unvalidated certificates and outdated factory settings. An analytical-comparative methodology is applied, encompassing a literature review, statistical assessment of the economic impact of MitM incidents, and a practical demonstration of advanced firewall capabilities via Linux iptables/nftables configuration. The paper details both fundamental and advanced features of modern firewall solutions, including ACL rules, stateful inspection, application-layer filtering, DNS filtering, TLS inspection, and integration with IDS/IPS systems. Illustrative examples from popular application environments highlight the strengths and limitations of these measures. The findings emphasize that while the firewall is essential, it is not sufficient on its own. Effective defense requires a multilayered architecture that combines encrypted DNS requests, strict TLS certificate validation, anomaly detection, and continuous user education to significantly reduce the risks and economic consequences of MitM attacks in contemporary digital networks.
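The abstract names DNS filtering, stateful inspection and anomaly logging as the firewall features that matter against MitM. The ruleset below is an added example written for this page, not the paper's own iptables/nftables configuration, showing how a small Linux gateway would apply three of those ideas. Every concrete value is an assumption: LAN interface eth1, WAN interface eth0, gateway LAN address 192.168.10.1 with MAC 02:00:00:00:00:01, and two organisation-approved resolvers taken from the documentation ranges (192.0.2.53, 198.51.100.53).

```nftables
#!/usr/sbin/nft -f
# Added example for this page (not the paper's configuration). Load with: nft -f mitm_guard.nft
# Assumed values, replace for a real deployment:
#   LAN interface eth1, WAN interface eth0,
#   gateway LAN address 192.168.10.1 / MAC 02:00:00:00:00:01,
#   approved resolvers 192.0.2.53 and 198.51.100.53 (documentation ranges).
flush ruleset

define lan_if = "eth1"
define wan_if = "eth0"

table inet mitm_guard {
    # Resolvers LAN clients are allowed to reach; DNS to anything else is treated
    # as a redirected resolver, the usual precondition for DNS spoofing.
    set trusted_dns {
        type ipv4_addr
        elements = { 192.0.2.53, 198.51.100.53 }
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Stateful inspection: replies to established flows pass, malformed state is dropped.
        ct state established,related accept
        ct state invalid drop

        # Plain DNS (53) and DNS-over-TLS (853) only to the approved resolvers.
        iifname $lan_if oifname $wan_if ip daddr @trusted_dns udp dport 53 accept
        iifname $lan_if oifname $wan_if ip daddr @trusted_dns tcp dport { 53, 853 } accept

        # DNS towards any other destination: log (rate-limited) and drop. A client
        # whose resolver setting was changed by a rogue DHCP/ARP source shows up here.
        iifname $lan_if oifname $wan_if udp dport 53 limit rate 10/minute log prefix "DNS-REDIRECT: "
        iifname $lan_if oifname $wan_if udp dport 53 drop
        iifname $lan_if oifname $wan_if tcp dport { 53, 853 } drop

        # Plaintext HTTP stays allowed but is logged, so a rise in port-80 traffic
        # from a normally HTTPS-only client (the client-side symptom of SSL
        # stripping) can be picked up by whatever reads the kernel log.
        iifname $lan_if oifname $wan_if tcp dport 80 limit rate 10/minute log prefix "PLAIN-HTTP: "

        # Everything else from the LAN towards the WAN is permitted.
        iifname $lan_if oifname $wan_if accept
    }
}

# ARP family: the gateway cannot stop clients from accepting a poisoned ARP
# reply, but it does see frames that advertise its own IP from a foreign MAC,
# which is what gateway impersonation looks like on the wire. Log and drop them.
table arp mitm_guard {
    chain input {
        type filter hook input priority filter; policy accept;
        arp saddr ip 192.168.10.1 arp saddr ether != 02:00:00:00:00:01 limit rate 10/minute log prefix "ARP-SPOOF: "
        arp saddr ip 192.168.10.1 arp saddr ether != 02:00:00:00:00:01 drop
    }
}
```

Two limits are worth stating. DNS-over-HTTPS travels on port 443 and cannot be told apart from ordinary HTTPS by port alone, so a port-based ruleset can only enforce the plain-DNS and DoT paths; the DoH case is where the TLS inspection and IDS/IPS integration mentioned in the abstract take over. And the ARP table only protects the gateway's own view and produces a detection signal; protecting clients from poisoned replies still needs switch-side controls such as dynamic ARP inspection or static entries, which is consistent with the abstract's conclusion that the firewall is necessary but not sufficient.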


Keywords


firewall, MitM attacks, ARP poisoning, DNS spoofing, TLS inspection, IDS/IPS, VPN security, IoT vulnerabilities

Full Text:

PDF (Serbian)
