Adversary-in-the-middle attacks: The threat that makes your MFA useless
Blog post from WorkOS
Adversary-in-the-Middle (AiTM) attacks have emerged as a significant threat to multi-factor authentication (MFA), which was once considered a strong defense against credential theft. Unlike traditional phishing, an AiTM attack places a reverse proxy between the user and the legitimate service: the victim signs in through the proxy, the proxy relays the login and MFA challenge to the real service in real time, and the attacker captures the session cookie the service issues once MFA succeeds. Because the attacker replays that cookie rather than the credentials, MFA is bypassed without being broken.

This method has gained traction because it is effective and accessible: phishing kits and frameworks make it easy to stand up the proxy. Despite MFA being enabled, a large number of accounts have been compromised through AiTM attacks, highlighting the need for stronger controls.

Effective detection and mitigation strategies include phishing-resistant authentication methods such as passkeys, real-time behavioral detection, and continuous access evaluation. These strategies close the gap that AiTM exploits by preventing the interception of credentials and the replay of sessions, reducing the impact of such attacks on organizations.
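The "real-time behavioral detection" the post recommends hinges on one observable: a session cookie minted after a successful MFA login is later presented from a client that does not match the one that logged in. The following is an added example, not code from WorkOS or the original post, showing that check over a constructed set of authentication log events. The event fields, the `Event` and `Finding` types, and the 30-minute replay window are assumptions chosen for illustration.

```python
"""Flag session-cookie reuse that is characteristic of AiTM phishing.

Constructed scenario: the MFA login for one session arrives from the
reverse proxy's address, and the same session id is then used from a
different address and user agent shortly afterwards. A benign session is
included so the rule can be seen staying quiet.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    kind: str          # "login" (MFA completed, session issued) or "request"
    session_id: str
    ip: str
    user_agent: str
    user: str


@dataclass
class Finding:
    session_id: str
    user: str
    reason: str


def detect_session_replay(events, window=timedelta(minutes=30)):
    """Return one Finding per session whose cookie is presented, within
    `window` of issuance, from an ip or user agent different from the
    client that completed the MFA login (assumed hypothetical rule)."""
    issued = {}      # session_id -> the login event that minted it
    flagged = set()  # sessions already reported, to avoid duplicates
    findings = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "login":
            issued[ev.session_id] = ev
            continue
        if ev.session_id in flagged:
            continue
        login = issued.get(ev.session_id)
        if login is None:
            findings.append(Finding(ev.session_id, ev.user,
                                    "session used with no recorded login"))
            flagged.add(ev.session_id)
            continue
        if ev.ts - login.ts > window:
            continue  # outside the replay window; leave to other controls
        changes = []
        if ev.ip != login.ip:
            changes.append(f"ip {login.ip} -> {ev.ip}")
        if ev.user_agent != login.user_agent:
            changes.append("user agent changed")
        if changes:
            findings.append(Finding(ev.session_id, ev.user, "; ".join(changes)))
            flagged.add(ev.session_id)
    return findings


# Constructed sample log (documentation-range addresses, hypothetical users).
T0 = datetime(2024, 1, 15, 9, 0, 0)
SAMPLE_EVENTS = [
    # Benign: login and follow-up requests from the same client.
    Event(T0, "login", "sess-A", "203.0.113.10", "Firefox/122", "alice"),
    Event(T0 + timedelta(minutes=2), "request", "sess-A", "203.0.113.10", "Firefox/122", "alice"),
    Event(T0 + timedelta(minutes=9), "request", "sess-A", "203.0.113.10", "Firefox/122", "alice"),
    # Suspicious: MFA login relayed by a proxy, cookie replayed elsewhere.
    Event(T0 + timedelta(minutes=5), "login", "sess-B", "198.51.100.7", "Chrome/121", "bob"),
    Event(T0 + timedelta(minutes=6), "request", "sess-B", "198.51.100.7", "Chrome/121", "bob"),
    Event(T0 + timedelta(minutes=11), "request", "sess-B", "192.0.2.44", "python-requests/2.31", "bob"),
]


def run_sample():
    return detect_session_replay(SAMPLE_EVENTS)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.user} {f.session_id}: {f.reason}")
```

On its own this rule produces false positives for clients whose address changes legitimately (mobile networks, VPN reconnects), so in practice it is weighted alongside ASN, geolocation and device signals rather than used as a hard block, and the response is a step-up or a revocation through continuous access evaluation rather than a silent alert.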