What can we do about AiTM attacks?

Nasrin
Published in System Weakness
2 min read, Feb 5, 2023


Short answer? Prevent phishing.

An Adversary-in-the-Middle (AiTM) attack is a cyber attack in which an attacker places themselves between two communicating parties, typically by deploying a proxy server between the user and the website, so that every request and response passes through the attacker. From that position the attacker can eavesdrop on the traffic, record what the user types, and alter what either side receives.

AiTM is the newer name for what has long been called a man-in-the-middle attack. It can be carried out at the network layer (for example with ARP spoofing on a local network) or at the application layer with a phishing site that reverse-proxies the real login page; session hijacking is the usual outcome. In all of these forms the goal is to steal sensitive information such as login credentials, session cookies and financial data.

AiTM attack

How AiTM attacks work

An AiTM attack typically involves a threat actor trying to steal a target’s password and session cookies by deploying a proxy server between the user and the website. The user is lured (usually by a phishing email) to the proxy, which serves a pixel-perfect copy of the real login page because it simply forwards the real page. Anything the user submits flows through the adversary before reaching the intended website, and the website’s responses, including the session cookie it sets after a successful login, flow back through the adversary too. This lets the attacker authenticate to a session on the user’s behalf no matter whether the victim used a password alone, a one-time code or a push notification, because all of those are relayed as-is. Only sign-in methods that are bound to the website’s real origin, such as FIDO2/WebAuthn security keys, do not survive the relay.

For example, in the credential-theft variant the attacker’s proxy records the username and password as they pass through on their way to the real website, so the login succeeds for the user and the attacker keeps a copy of the credentials.

In the session hijacking variant, the proxy also sees the second factor the user types or approves and, more importantly, captures the session cookie that the website issues once MFA has succeeded. Replaying that cookie gives the attacker the user’s already-authenticated session without having to satisfy MFA again. So it’s serious!

How to protect against AiTM attacks

  1. Invest in advanced anti-phishing solutions to monitor incoming email. Phishing is how the victim is steered to the proxy in the first place, so blocking or flagging the lure, and verifying the legitimacy of emails and messages before clicking on links in them, removes the attacker’s entry point.
  2. Enable conditional access policies that are evaluated on every request, not just at sign-in. Requiring a compliant or managed device (proven by something the proxy cannot forward, such as a device certificate) or a trusted location means a stolen session cookie on its own is not enough to get in.
  3. Regularly monitor the network and identity systems for suspicious activity such as unusual sign-in attempts: the same session cookie used from two different IP addresses or browsers, sign-ins from unfamiliar locations or hosting providers, and changes to account settings such as new mailbox rules. Catching these quickly lets organizations detect and respond to AiTM attacks before the stolen session is used for anything else.
  4. Security awareness training: This can include regular training for employees on security best practices, such as using strong passwords, avoiding phishing scams, and being vigilant for suspicious activity.
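To make points 2 and 3 concrete, here is an added example (mine, not part of the original post) that contrasts a policy checked only at sign-in with one re-evaluated on every request, and runs a replay check over a constructed sign-in log. The event fields, the policy rules, the device-certificate assumption and the log lines are all made up for illustration; nothing here is a vendor’s real schema or default configuration.

```python
"""Conditional access evaluated on every request, plus a replay check over sign-in logs.
Added example, not from the original post. The event fields, the policy and the log lines are
all constructed for illustration; nothing here is a vendor's real schema or default."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


@dataclass
class Session:
    user: str
    device_id: Optional[str]   # assumed: taken from a client certificate, which an AiTM proxy cannot forward


# Constructed AiTM timeline. Alice completes password + OTP on the phishing page; the proxy relays both,
# so the identity provider sees a sign-in from the proxy's IP with Alice's forwarded user agent and a
# satisfied MFA claim, but no device certificate. Bob signs in normally from a managed device.
LOG = [
    {"ts": "2023-02-05T09:00:01Z", "kind": "signin", "user": "alice", "cookie": "c1",
     "ip": "198.51.100.7", "ua": "Edge/109", "mfa": True},
    {"ts": "2023-02-05T09:00:05Z", "kind": "request", "user": "alice", "cookie": "c1",
     "ip": "198.51.100.7", "ua": "Edge/109"},
    # Later the attacker imports the captured cookie into their own browser on another host.
    {"ts": "2023-02-05T11:31:09Z", "kind": "request", "user": "alice", "cookie": "c1",
     "ip": "192.0.2.55", "ua": "Chrome/110"},
    {"ts": "2023-02-05T11:40:00Z", "kind": "signin", "user": "bob", "cookie": "c2",
     "ip": "203.0.113.10", "ua": "Edge/109", "mfa": True, "device_id": "dev-42"},
    {"ts": "2023-02-05T11:40:03Z", "kind": "request", "user": "bob", "cookie": "c2",
     "ip": "203.0.113.10", "ua": "Edge/109", "device_id": "dev-42"},
]


def weak_policy(event, session):
    """Checked only at sign-in: MFA once, then anyone presenting the cookie is trusted."""
    if event["kind"] == "signin":
        return event.get("mfa", False)
    return session is not None


def strict_policy(event, session):
    """Re-evaluated on every request: MFA at sign-in AND a bound managed device every time."""
    if not event.get("device_id"):
        return False                       # proxy and attacker both lack the device certificate
    if event["kind"] == "signin":
        return event.get("mfa", False)
    return session is not None and session.device_id == event["device_id"]


def process(events, policy):
    """Replays the log through a policy and returns the allow/deny decision for each event."""
    sessions, decisions = {}, []
    for event in events:
        session = sessions.get(event["cookie"])
        allowed = policy(event, session)
        if allowed and event["kind"] == "signin":
            sessions[event["cookie"]] = Session(event["user"], event.get("device_id"))
        decisions.append("allow" if allowed else "deny")
    return decisions


def replay_indicators(events):
    """Detection over the log: a cookie used from more than one IP or user agent is suspicious."""
    seen = defaultdict(lambda: {"ips": set(), "uas": set()})
    for event in events:
        seen[event["cookie"]]["ips"].add(event["ip"])
        seen[event["cookie"]]["uas"].add(event["ua"])
    return {c: v for c, v in seen.items() if len(v["ips"]) > 1 or len(v["uas"]) > 1}


if __name__ == "__main__":
    print("cookie-only policy :", process(LOG, weak_policy))      # every event allowed
    print("device-bound policy:", process(LOG, strict_policy))    # Alice's proxied session never exists
    print("replayed cookies   :", replay_indicators(LOG))         # c1 seen from two IPs and two browsers
```

Under the cookie-only policy the proxied sign-in is indistinguishable from a real one, so the replayed cookie is accepted for as long as the session lives. Under the device-bound policy the proxy never obtains a session at all, because the device claim is something it cannot relay. The log check is independent of either policy and is the kind of rule worth running over identity-provider sign-in logs even where device binding is not yet deployed.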

Of course there are other ways: use phishing-resistant MFA such as FIDO2/WebAuthn security keys. These bind the login to the website’s real origin, so a proxy sitting on a look-alike domain cannot relay the authentication the way it relays a password or a one-time code. Do you have any other solutions? Please share them :)
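The following is an added example (not code from the original post) showing why the FIDO2 point above holds and why the "regardless of the sign-in method" claim in the how-it-works section stops at origin-bound methods. It models the three WebAuthn parties: a security key that signs only what the browser hands it, a browser that writes the page origin into clientDataJSON, and a relying party that checks origin, challenge and signature. The relying party ID and hostnames are assumed, and the key’s ECDSA signature is stood in for by an HMAC over a per-credential secret shared with the relying party (an assumption made to keep the example free of third-party libraries); the origin and challenge checks are the genuine WebAuthn relying-party rules.

```python
"""Why FIDO2/WebAuthn resists an AiTM proxy: the browser puts the page origin into the signed data.
Added example, not from the original post. The authenticator's ECDSA signature is replaced by an
HMAC over a per-credential secret shared with the relying party (an assumption to keep this
dependency-free); the origin and challenge checks are the real WebAuthn relying-party rules."""
import hashlib
import hmac
import json
import secrets

RP_ID = "login.example.com"                        # assumed relying party ID
RP_ORIGIN = "https://login.example.com"            # the only origin the RP accepts
PHISH_ORIGIN = "https://login.example-com.net"     # assumed look-alike host running the proxy


class Authenticator:
    """Security key: signs exactly what the browser hands it and never sees the page."""
    def __init__(self):
        self.creds = {}

    def make_credential(self, rp_id):
        cred_id, secret = secrets.token_hex(8), secrets.token_bytes(32)
        self.creds[cred_id] = (rp_id, secret)
        return cred_id, secret

    def get_assertion(self, cred_id, client_data_hash):
        rp_id, secret = self.creds[cred_id]
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01"   # rpIdHash || flags (UP)
        signature = hmac.new(secret, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, signature


class Browser:
    """The browser, not the user and not the page script, fills in clientDataJSON.origin."""
    def __init__(self, authenticator, origin):
        self.authenticator, self.origin = authenticator, origin

    def navigator_credentials_get(self, cred_id, challenge):
        client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                                  "origin": self.origin}).encode()
        auth_data, sig = self.authenticator.get_assertion(cred_id, hashlib.sha256(client_data).digest())
        return {"clientDataJSON": client_data, "authenticatorData": auth_data, "signature": sig}


class RelyingParty:
    def __init__(self):
        self.keys, self.challenges = {}, set()

    def register(self, cred_id, key):
        self.keys[cred_id] = key

    def new_challenge(self):
        challenge = secrets.token_urlsafe(32)
        self.challenges.add(challenge)
        return challenge

    def verify(self, cred_id, resp):
        cd = json.loads(resp["clientDataJSON"])
        if cd.get("type") != "webauthn.get":
            return False, "bad type"
        if cd.get("challenge") not in self.challenges:
            return False, "unknown or reused challenge"
        if cd.get("origin") != RP_ORIGIN:
            return False, f"origin mismatch: {cd.get('origin')}"
        auth_data = resp["authenticatorData"]
        if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
            return False, "rpIdHash mismatch"
        expected = hmac.new(self.keys[cred_id],
                            auth_data + hashlib.sha256(resp["clientDataJSON"]).digest(),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, resp["signature"]):
            return False, "bad signature"
        self.challenges.discard(cd["challenge"])   # one-time use
        return True, "ok"


def run_scenarios():
    key, rp = Authenticator(), RelyingParty()
    cred_id, secret = key.make_credential(RP_ID)
    rp.register(cred_id, secret)
    # 1. Legitimate sign-in on the real origin.
    legit = Browser(key, RP_ORIGIN).navigator_credentials_get(cred_id, rp.new_challenge())
    # 2. AiTM: the proxy fetches a genuine challenge, relays it to the victim's browser on the
    #    look-alike origin and forwards the assertion unchanged. The signed origin gives it away.
    #    (A real browser would already refuse the call because RP_ID is not a suffix of the
    #    phishing origin; the RP-side check is the second line of defence.)
    relayed = Browser(key, PHISH_ORIGIN).navigator_credentials_get(cred_id, rp.new_challenge())
    # 3. The proxy rewrites origin in clientDataJSON before forwarding: the hash the key signed
    #    no longer matches the data presented.
    cd = json.loads(relayed["clientDataJSON"])
    cd["origin"] = RP_ORIGIN
    tampered = dict(relayed, clientDataJSON=json.dumps(cd).encode())
    return {"legit": rp.verify(cred_id, legit),
            "relayed": rp.verify(cred_id, relayed),
            "tampered": rp.verify(cred_id, tampered)}


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name:9s} {'ACCEPT' if ok else 'REJECT'} ({why})")
```

Contrast this with a one-time code: it is just a string the user types, the proxy forwards it unchanged, and the website has no way to tell it was typed on the wrong domain. With WebAuthn the "wrong domain" is baked into the signed data by the browser, and the attacker can neither leave it in place nor change it.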

No to sexism in the workplace.


A Bug Bounty hunter, interested in OSINT, Data privacy and information security. I am also fond of Science, physics, music, Sci-Fi and fantasy movies and novel