In the dynamic realm of cybersecurity, threats often disappear temporarily, only to evolve and reappear in more sophisticated forms. One such resurgence is the adversary-in-the-middle (AiTM) attack, a potent phishing tactic that poses a risk to the security of SaaS applications. How should organisations prepare themselves to counter this formidable threat?
AiTM evolution
While AiTM is not a novel concept, it has undergone a metamorphosis, and the tools employed have become a potent weapon in the arsenal of cyber adversaries. Initially witnessed in 2017, AiTM attacks are particularly adept at pilfering session tokens. The danger lies in the resulting ability to circumvent multi-factor authentication (MFA), rendering trusted security measures inadequate.
The AiTM attack intercepts authentication between users and a legitimate authentication service to compromise identities, steal credentials and intercept MFA, capturing the session cookie. This stolen session cookie allows attackers to impersonate the user without further intervention, gaining unauthorised access and potentially leading to business e-mail compromise attacks.
Modern cyber adversaries use phishing and spear-phishing campaigns to redirect users to fake login pages. Once users enter legitimate credentials and complete the MFA prompt, the attackers save the credentials and session token. The end-user is then redirected to the legitimate login page and automatically logged in, without suspecting anything. Tools like Evilginx and new tactics like “EvilQR” (QR code-based attacks) further complicate detection: entire e-mails with QR codes are inserted as images, making it challenging for e-mail security solutions to identify the threat.
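Because the stolen session cookie is replayed after MFA has already succeeded, one place a defender can look is the session log: the same session token appearing from a client other than the one that completed MFA. The sketch below is an added example, not part of the original article or any NEC XON tooling; the event fields, the 10-minute window and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample records (not from the article); field layout is an assumption:
# (timestamp, user, session id, source IP, user agent, event type)
EVENTS = [
    ("2024-03-01T08:00:05", "alice", "s-1001", "198.51.100.10", "Chrome/122 Windows", "mfa_success"),
    ("2024-03-01T08:00:40", "alice", "s-1001", "203.0.113.77", "python-requests/2.31", "token_use"),
    ("2024-03-01T08:05:00", "bob", "s-2002", "192.0.2.44", "Safari/17 macOS", "mfa_success"),
    ("2024-03-01T09:30:00", "bob", "s-2002", "192.0.2.44", "Safari/17 macOS", "token_use"),
    ("2024-03-01T10:00:00", "carol", "s-3003", "192.0.2.90", "Edge/122 Windows", "mfa_success"),
    ("2024-03-01T18:00:00", "carol", "s-3003", "198.51.100.23", "Edge/122 Windows", "token_use"),
]

WINDOW = timedelta(minutes=10)  # assumed threshold for "reused soon after MFA"


def find_session_replay(events, window=WINDOW):
    """Flag sessions whose token is used from a different IP than the one
    that completed MFA. Returns a list of finding dicts, oldest first."""
    mfa_ctx = {}   # session id -> (time, ip, user agent) recorded at MFA completion
    findings = []
    for ts, user, sid, ip, ua, kind in sorted(events):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ts)
        if kind == "mfa_success":
            mfa_ctx.setdefault(sid, (when, ip, ua))
            continue
        if sid not in mfa_ctx:
            continue  # no MFA baseline for this session in the data set
        t0, ip0, ua0 = mfa_ctx[sid]
        if ip == ip0:
            continue  # same client context as the MFA step
        # IP changed mid-session. Roaming users cause this too, so grade it:
        # a changed user agent or reuse within the window raises severity.
        high = ua != ua0 or (when - t0) <= window
        findings.append({
            "user": user, "session": sid, "mfa_ip": ip0, "reuse_ip": ip,
            "severity": "high" if high else "low",
        })
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(EVENTS):
        print(finding)
```

A token replayed from the same host that relayed the MFA step would not trip this check, so it complements rather than replaces phishing-resistant authentication and token-binding controls.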
Bolstering cybersecurity measures no longer an option but a necessity
Recognising the gravity of AiTM attacks, NEC XON implements pivotal security measures to protect against potential breaches. In the face of emerging tactics, techniques and procedures, NEC XON emphasises the need for a proactive approach from managed security service providers and cybersecurity professionals worldwide.
As our customers navigate this new era of cyber threats, the call to action is clear – bolstering cybersecurity measures is no longer an option but a necessity. The time to reinforce defences and stay ahead of evolving threats is now. The era of AiTM demands a united front from the global cybersecurity community to ensure a secure digital future. Stay vigilant, stay secure.
About NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a Japanese global company. NEC XON has operated in Africa since 1963 and delivers communications, energy, safety, security and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment business. Discover more at nec.xon.co.za.
- The author, Divan de Nysschen, is NEC XON cybersecurity architect
- This promoted content was paid for by the party concerned