How AitM lets cybercriminals bypass MFA

Once you finally have MFA turned on for everyone in your business, you can count on a new cybercriminal workaround appearing. Cybercriminals are unrelenting, so you have to be, too. The latest one is a twist on phishing, which is still the most successful way for cybercriminals to get hold of login credentials.

AitM, or adversary-in-the-middle, is a few steps up from run-of-the-mill phishing: it can bypass some forms of MFA. How does it work?

Employees receive an email or text message asking them to log in to a site they’re familiar with. The link leads to the cybercriminal’s proxy server, which forwards everything to the genuine site in real time, so the page looks and behaves exactly like the real one; only the URL in the address bar is different. The proxy passes the employee’s username and password to the authentic site, which sends its MFA prompt back to the proxy.

The cybercriminal’s server relays this prompt to the employee, who enters the correct code or approves the push notification. That response goes back through the proxy to the authentic site, which issues a session cookie to the proxy. Once the cybercriminals hold genuine credentials and a valid session cookie, they load the cookie into their own browser and are simply logged in; the authentic site never asks them for MFA, because the session was already authenticated once, through the victim. This works against codes sent by SMS, codes from an authenticator app and push approvals alike, because none of those factors is tied to which website the employee was actually typing into.
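To make the relay concrete, here is an added Python model of the exchange just described. It is not code from the article or from any real phishing kit: the two origins, the user alice with password hunter2 and one-time code 492817, and the HMAC used in place of a real WebAuthn signature are all constructed for the example. The first half shows why a correctly relayed one-time code hands the attacker a working session. The second half goes beyond the article’s description to show why a second factor that is bound to the site’s origin fails through the very same proxy, whether the proxy forwards the response untouched or rewrites the origin field.

```python
# Toy model of adversary-in-the-middle (AitM) phishing. Added example, not code
# from the article: origins, the user "alice", her password and one-time code,
# and the HMAC standing in for a WebAuthn signature are all constructed.
import hashlib
import hmac
import secrets

REAL_ORIGIN = "https://login.example.com"             # genuine site (assumed)
PROXY_ORIGIN = "https://login.example.com.evil.test"  # phishing proxy (assumed)


class RealSite:
    """Genuine site: password + one-time code, then a bearer session cookie."""

    def __init__(self):
        self.users = {"alice": {"password": "hunter2", "otp": "492817"}}  # constructed
        self.sessions = {}

    def login(self, user, password, otp):
        u = self.users.get(user)
        if u is None or u["password"] != password or u["otp"] != otp:
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def whoami(self, cookie):
        # A bearer cookie identifies whoever presents it; MFA is not re-checked.
        return self.sessions.get(cookie)


class AitMProxy:
    """Relays the victim's input to the real site and keeps a copy of the result."""

    def __init__(self, real_site):
        self.real = real_site
        self.captured = []

    def handle_login(self, user, password, otp):
        cookie = self.real.login(user, password, otp)  # the OTP is correct, so it works
        if cookie is not None:
            self.captured.append({"user": user, "password": password, "cookie": cookie})
        return cookie  # the victim gets a working session too, so nothing looks wrong


def run_bearer_attack():
    """Victim logs in through the proxy; the attacker replays the captured cookie."""
    real = RealSite()
    proxy = AitMProxy(real)
    proxy.handle_login("alice", "hunter2", "492817")
    stolen = proxy.captured[0]["cookie"]
    return real.whoami(stolen)  # attacker's browser: no password, no MFA prompt


class OriginBoundSite:
    """Second factor signed over the origin the browser is really on (WebAuthn-style).
    HMAC with a per-user key stands in for the authenticator's private key and the
    server's registered public key; the origin check is the point."""

    def __init__(self):
        self.keys = {"alice": secrets.token_bytes(32)}  # established at registration
        self.challenges = {}

    def challenge(self, user):
        c = secrets.token_hex(16)
        self.challenges[user] = c
        return c

    def verify(self, user, client_data, signature):
        origin, _, challenge = client_data.partition("|")
        if self.challenges.pop(user, None) != challenge:
            return False  # unknown or replayed challenge
        if origin != REAL_ORIGIN:
            return False  # signed for some other site's origin
        expected = hmac.new(self.keys[user], client_data.encode(), hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def authenticator_sign(key, origin, challenge):
    """The authenticator signs the challenge together with the browser's origin."""
    client_data = f"{origin}|{challenge}"
    return client_data, hmac.new(key, client_data.encode(), hashlib.sha256).digest()


def run_origin_bound(browser_origin, rewrite_origin=False):
    """One origin-bound login as the server sees it. The browser is on
    browser_origin; if rewrite_origin, the proxy patches the origin field to
    REAL_ORIGIN before forwarding (it cannot re-sign, it has no key)."""
    site = OriginBoundSite()
    ch = site.challenge("alice")  # the proxy relays the challenge unchanged
    client_data, sig = authenticator_sign(site.keys["alice"], browser_origin, ch)
    if rewrite_origin:
        client_data = client_data.replace(browser_origin, REAL_ORIGIN)
    return site.verify("alice", client_data, sig)


if __name__ == "__main__":
    print("bearer cookie replayed by attacker ->", run_bearer_attack())               # alice
    print("origin-bound, direct to real site ->", run_origin_bound(REAL_ORIGIN))       # True
    print("origin-bound, via proxy, relayed   ->", run_origin_bound(PROXY_ORIGIN))     # False
    print("origin-bound, via proxy, rewritten ->", run_origin_bound(PROXY_ORIGIN, True))  # False
```

The bearer half is the article’s scenario: the proxy does nothing clever with the one-time code, it just passes it along while it is still valid, and the cookie it receives is as good in the attacker’s browser as in the victim’s. The origin-bound half is why FIDO2 security keys and passkeys are called phishing-resistant: the signature covers the domain the browser really connected to, so the genuine site either sees the wrong origin or a signature that no longer matches, and there is nothing for the proxy to relay.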

How can this improved form of phishing be countered? Educate your employees. They should know not to click login links in emails or text messages but to go directly to their online accounts, ideally from a bookmark, and to check the address bar before entering a password, since the URL is the one thing the proxy cannot copy. Don’t open email attachments from people they don’t know.

If it’s from someone they know, confirm with the sender through another channel that it’s actually from them. Training alone will not hold, though, so back it with technical controls. Enforcing HTTPS does not by itself stop AitM, because the proxy serves its own valid certificate for its own domain and the padlock looks normal. What does stop it is public-key authentication bound to the site’s origin, such as FIDO2 security keys or passkeys (WebAuthn): the authenticator signs a challenge together with the domain the browser is really on, so a response produced on the phishing domain is rejected by the genuine site and there is no code for the proxy to relay. Restricting logins to the corporate VPN or to managed devices also helps, because a stolen session cookie replayed from the attacker’s machine fails those checks. Don’t stop using MFA, as it still helps thwart cybercriminals; just prefer the phishing-resistant kind.

Author: Kris Keppeler is a writer who finds technology fascinating and loves humor. She writes on Medium.com. She is also an award-winning podcast producer who enjoys telling funny stories. Follow her on X (formerly Twitter) @KrisNarrates or on LinkedIn.
