AiTM phishing attacks on the rise

Adversary-in-the-middle phishing has become increasingly prevalent as threat actors seek to deploy stealthy high-volume phishing attacks, reports The Hacker News. Aside from the growing number of phishing-as-a-service platforms with AiTM functionality, already available phishing services have been increasingly integrating AiTM to bypass multi-factor authentication defenses in targeted systems, according to the Microsoft Threat Intelligence team. Attacks leveraging AiTM-capable phishing kits could facilitate the covert exfiltration of user credentials, session cookies, and two-factor authentication codes and later obtain escalated privileges in targeted systems either through reverse proxy servers that disrupt network traffic or synchronous relay servers that redirect targets to fraudulent sign-in pages. Synchronous relay services were noted by researchers to be offered by Greatness PhaaS platform operator Storm-1295. "Circumventing MFA is the objective that motivated attackers to develop AiTM session cookie theft techniques," the tech giant noted. Unlike traditional phishing attacks, incident response procedures for AiTM require revocation of stolen session cookies," said researchers.