According to the Microsoft Threat Intelligence team, adversary-in-the-middle (AiTM) phishing attacks are on the rise. These attacks are being facilitated through the use of phishing-as-a-service (PhaaS) offerings, which allow cybercriminals to conduct high-volume phishing campaigns and evade multi-factor authentication (MFA) protections.
In a post on the social media platform X (formerly known as Twitter), Microsoft warned about the development of PhaaS and its impact on MFA. They stated, “This development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale.” The researchers also noted that AiTM attacks require the revocation of stolen session cookies, which adds complexity to incident response procedures.
George McGregor, Vice President at Approov, explained that AiTM phishing aims to steal cookies from web browsers and use them to access backend systems. However, he pointed out that there is an even bigger AiTM threat posed by mobile apps, which Microsoft did not mention. Mobile apps are highly susceptible to AiTM attacks and secret theft at runtime because hackers can manipulate the client environment and communication channels. McGregor suggested that this could potentially be offered as a service for hackers, highlighting the need for app and client attestation and pinning of the communication channel to defend against this threat.
Emily Phelps, Director at Cyware, emphasized the importance of multifactor authentication in protecting data but acknowledged its limitations. While multifactor authentication is a vital tool, Phelps stated that it is not a magic wand. Human behavior remains a common exploit for attackers because it continues to be effective. She advocated for the cybersecurity industry to proactively combat these tactics through threat intelligence programs and intelligence sharing. By disseminating information about known strategies widely, organizations and individuals can better protect themselves against emerging threats.
The rise of PhaaS and AiTM tactics in phishing attacks highlights the evolving nature of cybercrime. Hackers are continually finding new ways to circumvent security measures and exploit vulnerabilities. As more individuals and organizations rely on digital platforms and technology, it becomes increasingly important to stay vigilant and implement robust security measures. This includes regularly updating security systems, educating users about phishing techniques, and promoting a culture of cybersecurity awareness. By staying informed and proactive, individuals and organizations can better defend against emerging threats and protect sensitive information.