Adversary-in-the-middle attacks.
By Tim Nodar, CyberWire senior staff writer
Aug 30, 2023

Phishing-as-a-service is rising, and adversary-in-the-middle tactics are enabling the criminal sector's growth.

The Microsoft Threat Intelligence team has warned of a rise in adversary-in-the-middle (AiTM) phishing attacks, The Hacker News reports. These attacks are launched via phishing-as-a-service (PhaaS) offerings. Microsoft said in a post on X (formerly known as Twitter), “This development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale.” The researchers add, “Circumventing MFA is the objective that motivated attackers to develop AiTM session cookie theft techniques. Unlike traditional phishing attacks, incident response procedures for AiTM require revocation of stolen session cookies.”
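For responders, the practical consequence of that last point is that a password reset alone is not enough: the sessions themselves have to be found and revoked. The sketch below is an added example, not code from Microsoft or from the article. It scans sign-in records for a session ID that is later presented from a different client context and lists the sessions to revoke. The record layout, field order and sample values are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed sample records, not real telemetry:
# (timestamp, user, session_id, source_ip, user_agent)
SAMPLE_LOG = [
    ("2023-08-30T09:00:05", "alice", "s-1001", "198.51.100.7", "Chrome/116 Windows"),
    ("2023-08-30T09:04:10", "alice", "s-1001", "198.51.100.7", "Chrome/116 Windows"),
    ("2023-08-30T09:06:42", "alice", "s-1001", "203.0.113.50", "Firefox/102 Linux"),
    ("2023-08-30T09:10:00", "bob", "s-2002", "192.0.2.14", "Safari/16 macOS"),
    ("2023-08-30T11:30:00", "bob", "s-2002", "192.0.2.99", "Safari/16 macOS"),
    ("2023-08-30T09:15:00", "carol", "s-3003", "198.51.100.23", "Edge/116 Windows"),
]


def find_replayed_sessions(records):
    """Return {session_id: finding} for sessions later used from a client whose
    IP and user agent both differ from the context in which they were first seen."""
    baseline = {}  # session_id -> (ip, user_agent) at first sighting
    findings = {}
    ordered = sorted(records, key=lambda r: datetime.fromisoformat(r[0]))
    for ts, user, sid, ip, ua in ordered:
        if sid not in baseline:
            baseline[sid] = (ip, ua)
            continue
        base_ip, base_ua = baseline[sid]
        # An IP change alone is common (roaming, VPN), so require the user
        # agent to change as well before flagging. Keep only the first hit.
        if ip != base_ip and ua != base_ua and sid not in findings:
            findings[sid] = {
                "user": user,
                "first_seen": (base_ip, base_ua),
                "replayed_from": (ip, ua),
                "at": ts,
            }
    return findings


def sessions_to_revoke(records):
    """Sorted (user, session_id) pairs to pass to the identity provider's
    session revocation step."""
    found = find_replayed_sessions(records)
    return sorted((f["user"], sid) for sid, f in found.items())


if __name__ == "__main__":
    for user, sid in sessions_to_revoke(SAMPLE_LOG):
        print(f"revoke session {sid} for {user}")
```

The two-field rule is a deliberately conservative heuristic: it will miss a replay that preserves the original user agent, so in practice it is one signal to combine with others rather than a complete detection.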

The criminal uses of adversary-in-the-middle tactics.

George McGregor, VP at Approov, wrote, “AiTM phishing aims to steal cookies from browsers and use them to access backend systems.” There are, however, further nuances. “There is an even bigger AiTM threat posed by mobile apps which is not mentioned by Microsoft: Mobile apps are highly susceptible to AiTM attacks and secret theft at runtime because hackers can easily manipulate the client environment and/or the communication channel(s). This could certainly also be packaged ‘as a service’ for hackers. Defense against this threat requires app and client attestation and pinning of the communication channel.”

Emily Phelps, Director at Cyware, explained some of the implications of multifactor authentication, a vital tool but not a magic wand. “Multifactor authentication is table stakes when it comes to safeguarding data. Strong authenticator apps should be used with each log-in session. Human behavior continues to be a common exploit for attackers because it continues to be effective. As an industry, cybersecurity must work to get ahead of these tactics, with threat intelligence programs that include intelligence sharing so that once these strategies are known, they can be widely distributed, enabling other organizations and individuals to protect themselves against them.”