top of page
  • Writer's pictureAline Silva | PhishX

Know that AiTM attack is a risk to your organization

Have you heard of the AiTM (adversary-in-the-middle) attack? Be aware that this type of phishing can bypass security measures such as multi-factor authentication (MFA) and poses a great risk to organizations.


Recently Microsoft reported an alert about a phishing campaign that hit over 10,000 organizations, the attacks lasted for months and mainly harmed banking companies.


These phishing campaigns are able to bypass MFA authentication and steal users' credentials, even if they enable multi-factor authentication.


These attacks are able to hijack a user's login session, in addition to the use of stolen credentials and session cookies, with this they have access to the victims' email through the corporate email compromise fraud.


MFA is one of the main ways to protect against phishing attacks, but this security measure doesn't seem like enough.


In this way, it is essential that everyone knows how to protect themselves and identify these attacks, because when verification systems fail, only people are able to mitigate these risks.


See below how these attacks happen and how you can protect your organization, after all, AiTM is a great risk for all institutions, whether small, large or medium-sized.

What is an AiTM attack and how does it work?


AiTM phishing attacks deploy a proxy server between the victim and the website the person intends to visit, this server is managed by the criminals.


In this way, attackers use this attack to:


  • Stealing passwords;

  • Hijack login sessions;

  • Circumvent authentication;

  • Stealing access credentials;

  • Using the victim's mailbox to launch fraud attacks.


It's important that you understand that it's not that MFA doesn't work, after all, it's a very effective security device.


However, in these attacks, because the browser session cookie was stolen, it doesn't matter if the person logged in to a website, the attacker will be authenticated due to the cookie that was stolen.


The attacks happen like any phishing, through messages received through emails.


The messages can have various approaches, in the case of the Microsoft attacks, an email was identified that claimed that the person had a voice message. The attached file had an HTML extension, so it opened directly in the browser.


In this way, the page showed a warning that the MP3 file was being downloaded, but in fact, it was a fake warning, what was happening was that the page was being redirected to the proxy site.


The appearance of this proxy site is very similar to the Microsoft login page, making the attack more effective, after all the victims did not suspect that it was phishing.


It is precisely at this moment that the AiTM attack is carried out, as people do not realize the scam, they log in and their data and authentication are sent by the proxy server to the real website of the Office.com, in this way the true authentication is done.


Meanwhile, in the background, the server captures the session cookies sent by the Microsoft service.


Once this is done, the attackers have all the necessary data to carry out the scams. After all, with cookies in hand, they have access to email accounts, without having to go through any type of authentication.


Consequences of these attacks

Because it is such a sophisticated attack that goes unnoticed by people, AiTM is very harmful to businesses as it has the power to target thousands of accounts.


In the case of Microsoft, for example, attackers were able to access the emails of employees of several companies to defraud payments.


In some cases, they built mechanisms in their accounts to automatically move certain messages to trash, so people couldn't figure out the bad hits.


These attacks lasted for months and caused a huge financial loss to the organizations, because by the time the problem was realized, the criminals had already committed several scams.

Just like any phishing campaign and cyberattacks, AiTM offers devastating consequences for organizations, impacting operation, reputation, and especially the financial issue.


The financial loss goes far beyond the amounts intercepted by the criminals, involving costs to remedy the attacks in addition to fines and lawsuits due to the data breach.


Another important point that should be paid attention to is with regard to the reputation of these organizations, after all, a data breach can shake the confidence of customers and investors.


This hurts customer loyalty and brand image in the long run. In addition, it can negatively influence the value of the company's shares, which affects investors and the financial health of organizations.


Therefore, it is essential to invest in robust security measures to reduce risk and be prepared to respond effectively to potential incidents.

Learn how to protect yourself from AiTM attacks?


As much as this is a complex attack, know that there are ways to protect yourself from AiTM, the big issue of this problem is undoubtedly awareness, because only it is able to reduce the risks.


After all, these attacks are aimed at people, so they need to know how to protect themselves from these scams.


Two-factor authentication is very important, it has the power to combat a range of attacks and assist in the security of every organization's data. However, it should not be the only alternative.


You need to create a data security policy and make people understand that they are responsible for the security of your organization's data.


When your employees understand that they are a strong link between your organization and information security, they realize the responsibility they have to ensure everyone's cybersecurity.


Everyone needs to know how to identify which emails are real and which are fake, this task is somewhat complex, after all cybercriminals do everything to make the pages as real as possible.


However, there are some signs that indicate that that email is a scam, the identification of this information is only possible through various training and the acculturation of employees around digital security.


It is important that you understand that tools and systems are important to ensure the security of your organization, however, they alone are not as effective. People need to know how to protect themselves.


PhishX as an ally against AiTM attacks


PhishX is a cybersecurity awareness solution, we are an ecosystem that allows companies to train their employees and customers.


One of the goals of our solutions is to help people identify and protect themselves from phishing attacks.


In this way, PhishX simulates controlled phishing attacks, and is able to educate people so that they know how to identify and respond to these threats. We offer training, testing, and reporting.


Our ecosystem allows companies to create campaigns, such as AiTM attacks, so employees will have prior training of this threat and if the attack occurs, everyone will be able to identify them.


Awareness is the most effective action for these attacks, after all, people often do not recognize a threat due to lack of knowledge, so it is very important to educate them about the main cyber scams.


In addition, our solution offers the report of all campaigns, so the Information Technology team will have data on how many people fell in these simulations.


These indicators are important to measure people's maturity and know the real risk of these attacks. Through this information, it is possible to intensify actions to combat these attacks.


AiTM attacks are a very sophisticated type of phishing designed to bypass even multi-factor authentication, which makes the identification process much more difficult.


This way, when people are not aware of the tactics used by criminals, they become easier targets.


Because, even with the best security solutions, people can still be fooled by convincing emails, fake pages, and requests that appear to be genuine. That's why awareness is critical for all organizations.


So, if you have an organization, whether small, medium, or large, and you understand that protecting your data and your brand's reputation is important, consider implementing an effective security policy.


PhishX can assist you in implementing a data protection strategy and raising awareness of digital security. In this way, you will be able to involve your employees in the acculturation of information security.


Protect your company against AiTM attacks and other forms of phishing, learn about our solutions and learn how PhishX can help you.



Caucasian woman in front of a computer
AiTM attacks can put your company at risk

7 views0 comments

Commentaires


bottom of page