Microsoft has recently published a detailed study on the rising threat of adversary-in-the-middle (AITM) phishing attacks. These attacks are becoming more common as multifactor authentication (MFA) is increasingly used. The company stresses the importance of implementing advanced protection methods to combat these threats.
AITM phishing represents a new phase in cyber attacks, where hackers create fake websites to steal accounts, including MFA codes, and then use them to access real services. This enables them to obtain the necessary token for access, bypassing MFA security measures.
Microsoft has proposed a comprehensive solution: transitioning to "phishing-resistant" authentication methods such as passkeys. These methods utilize cryptography to prevent data interception. Passkeys are specific to devices, linked to a unique URL, and require user authentication, possibly through biometrics.
For users unable to adopt Passkeys, Microsoft recommends additional protection measures, including using Microsoft Authenticator with geolocation and number matching features, limiting access through trusted devices, and implementing conditional access policies with network boundary inspection.
Furthermore, Microsoft advises the implementation of anomaly detection technologies like Entra ID Protection and Microsoft Defender. These tools monitor suspicious activities, such as access attempts from unusual IP addresses or unexpected token requests, and can automatically block suspicious sessions if a threat is detected.
For organizations grappling with the aftermath of AITM attacks, Microsoft offers tools for investigation and risk mitigation, such as Microsoft Sentinel and Defender XDR. These tools aid in incident analysis, identifying threat sources, and preventing further data breaches.
Microsoft experts highlight that by employing these measures collectively, the probability of successful AITM attacks is significantly reduced, making such hacking methods incredibly challenging to carry out.