Researchers Warn of Large-Scale AiTM Attacks Targeting Enterprise Users
2022-08-04 04:35

A new, large-scale phishing campaign has been observed using adversary-in-the-middle techniques to get around security protections and compromise enterprise email accounts.

Opening the attachment via a web browser redirects the email recipient to the phishing page that masquerades as a login page for Microsoft Office, but not before fingerprinting the compromised machine to determine whether the victim is actually the intended target.

AiTM phishing attacks go beyond the traditional phishing approaches designed to plunder credentials from unwitting users, particularly in scenarios where MFA is enabled - a security barrier that prevents the attacker from logging into the account with only the stolen credentials.

"The kits intercept the HTML content received from the Microsoft servers, and before relaying it back to the victim, the content is manipulated by the kit in various ways as needed, to make sure the phishing process works," the researchers said.

What's more, in some instances, the hacked email inboxes are subsequently used to send additional phishing emails as part of the same campaign to conduct business email compromise scams.

"Even though security features such as multi-factor authentication add an extra layer of security, they should not be considered as a silver bullet to protect against phishing attacks," the researchers noted.


News URL

https://thehackernews.com/2022/08/researchers-warns-of-large-scale-aitm.html