Discover one of the biggest hidden threats to your business’ security measures: Adversary-in-the-Middle Attacks. Learn how to prepare for, identify, and address these threats in real-time from Aaron Walton, threat intel analyst at Expel.
One of the most impactful cybersecurity defenses in recent memory was the advent of multifactor authentication (MFA). Up to that point, an attacker only needed a stolen username and password to access an account. MFA solutions made it possible to demand a second form of identification before granting that access, usually through a text message, push notification, or one-time code. This was revolutionary. After all, these solutions ensured that to break into an account secured by MFA; an attacker would need access to a physical device belonging to the target—right?
Wrong, unfortunately. They don’t need access to the physical device. They can attack other parts of the authentication chain, stealing a One-time Password (OTP) or the session after authentication. MFA solutions make it more difficult for attackers to engage in credential-based attacks, but attackers continue to adapt. “Adversary-in-the-Middle” (AiTM) phishing…
