Microsoft has warned that a large-scale phishing campaign using "adversary-in-the-middle" or AiTM websites has hit more than 10,000 organizations since September 2021.
AiTM is bad news because the phishing sites can bypass authentication on a site even when the user has enabled multi-factor authentication (MFA). The attack hijacks a user's sign-in session, then uses the stolen credentials and session cookies to access the victim's email for business email compromise (BEC) fraud.
MFA is one of the key ways organizations can protect themselves from phishing and credential theft attacks. The Biden administration made MFA mandatory for federal agencies while other organizations, such as the Python Software Foundation, are making MFA a minimum requirement for critical projects. Microsoft is also trying to make MFA between organizations easier in order to prevent supply chain attacks.
AiTM phishing attacks deploy a proxy server between the target and the website the victim intends to visit, with the attacker impersonating that site. MFA isn't broken per se, but once the browser session cookie has been stolen, it doesn't matter how the user logged into the site.
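Because the victim really does complete MFA through the proxy, the sign-in itself looks legitimate; what a defender can look for is the same session token being used afterwards from a network the login never came from. The following is an added illustration, not code from Microsoft or the article: the log format, the session identifiers and the "same /24 means same network" rule are all constructed assumptions standing in for a real sign-in log and a real ASN/geo lookup.

```python
"""Flag session tokens reused from a different network after an MFA sign-in.

Event shape is assumed for this example: "ts,user,session_id,event,ip".
"""
from collections import defaultdict
import ipaddress

# Constructed sample log: alice signs in with MFA from her office range, then
# the same session token starts reading and sending mail from elsewhere.
SAMPLE_LOG = """\
2022-07-12T08:01:00Z,alice,sess-1,mfa_success,203.0.113.10
2022-07-12T08:02:00Z,alice,sess-1,mailbox_read,203.0.113.10
2022-07-12T08:05:00Z,alice,sess-1,mailbox_read,198.51.100.77
2022-07-12T08:06:00Z,alice,sess-1,mail_sent,198.51.100.77
2022-07-12T09:00:00Z,bob,sess-2,mfa_success,192.0.2.5
2022-07-12T09:10:00Z,bob,sess-2,mailbox_read,192.0.2.5
"""

def parse_events(text):
    """Parse the constructed CSV-style lines into dicts, skipping blanks."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, sid, event, ip = line.split(",")
        events.append({"ts": ts, "user": user, "sid": sid, "event": event, "ip": ip})
    return events

def same_network(ip_a, ip_b, prefix=24):
    """Assumption: a shared /prefix is a crude stand-in for 'same ASN or site'."""
    net = ipaddress.ip_network(f"{ip_a}/{prefix}", strict=False)
    return ipaddress.ip_address(ip_b) in net

def find_replayed_sessions(events):
    """Return {session_id: [events]} for sessions that authenticated from one
    network and were then used from another. Events must be in time order."""
    login_ip = {}
    suspicious = defaultdict(list)
    for ev in events:
        if ev["event"] == "mfa_success":
            login_ip.setdefault(ev["sid"], ev["ip"])  # first MFA success anchors the session
            continue
        origin = login_ip.get(ev["sid"])
        if origin is not None and not same_network(origin, ev["ip"]):
            suspicious[ev["sid"]].append(ev)
    return dict(suspicious)

if __name__ == "__main__":
    for sid, evs in find_replayed_sessions(parse_events(SAMPLE_LOG)).items():
        print(sid, [(e["event"], e["ip"]) for e in evs])
```

Alice's session is flagged on its two post-login events from 198.51.100.77, while Bob's session, used only from the network it authenticated from, is not.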