Welcome to our latest blog post on advanced identity-related attacks! With more than 40% of users now using multifactor authentication (MFA), there are some key trends we are seeing. Adversaries are targeting unprotected accounts more successfully, resulting in a higher level of risk. Additionally, as MFA becomes more commonplace, attackers are finding new ways to bypass MFA protection, such as AiTM phishing attacks.
Most attacks still involve passwords, so the first step is to enable MFA which can block over 99% of password-related attacks. In our previous blog, we discussed countermeasures against token theft attacks. Now, we will dive into AiTM phishing attacks and how they work.
Classic phishing attacks involve tricking a user into visiting a fake website and giving away their credentials. However, MFA has made this approach more challenging for attackers. AiTM phishing attacks involve attackers inserting themselves between the user and the legitimate website, tricking the user into providing their credentials and MFA code.
To protect against AiTM phishing attacks, consider implementing phishing-resistant credentials like passkeys. Passkeys are virtually impossible to phish due to their unique characteristics. Additionally, setting up access policies that restrict threat actor activity, requiring managed and compliant devices,
