Adversary-in-the-middle phishing has become increasingly prevalent as threat actors seek to deploy stealthy high-volume phishing attacks, reports The Hacker News.
Beyond the growing number of phishing-as-a-service platforms with AiTM functionality, existing phishing services have increasingly been integrating AiTM to bypass multi-factor authentication defenses in targeted systems, according to the Microsoft Threat Intelligence team.
Attacks leveraging AiTM-capable phishing kits could facilitate the covert exfiltration of user credentials, session cookies, and two-factor authentication codes, which attackers could later use to obtain escalated privileges in targeted systems. Such attacks work either through reverse proxy servers that disrupt network traffic or through synchronous relay servers that redirect targets to fraudulent sign-in pages. Researchers noted that synchronous relay services are offered by Storm-1295, the operator of the Greatness PhaaS platform.
"Circumventing MFA is the objective that motivated attackers to develop AiTM session cookie theft techniques," the tech giant noted. "Unlike traditional phishing attacks, incident response procedures for AiTM require revocation of stolen session cookies," said researchers.