
Implementing Human Factor Security to Combat AiTM Threats


The ongoing battle between adversaries and security defense tools is constantly evolving, with each side trying to outsmart the other. As technology advances, it provides threat actors with more opportunities to find new and creative ways to perpetuate fraud and deceit. Conversely, security defense tools work tirelessly to invent better and more advanced ways to protect people, each time tipping the scale to one side or the other.

Yet none can provide zero threat of attack.

A relatively recently reported threat, identified by Microsoft as AiTM (Adversary-in-the-Middle), adds further reason to worry about the ability of defense systems to prevent malicious attacks. AiTM is being used in combination with generative AI to create a new level of realistic phishing attacks at scale, leaving no room for mistakes. An adversary-in-the-middle attack, like a man-in-the-middle (MiTM) attack, consists of an attacker operating a website that proxies the legitimate login page of the target site. To the intended victim it looks completely identical, and it also has a way of bypassing two-factor authentication and MFA: the targeted end user is duped into entering their login credentials, which are passed through to the real login site for validation, and the attacker captures the resulting session cookie and uses it for sophisticated phishing attacks.

With AiTM, attackers can leverage the user's email to locate specific correspondence containing requests for payment or invoices, and can craft the conversation in a way that seems natural, leading the victim to give out sensitive information or even transfer funds. They can also perform follow-on business email compromise (BEC) campaigns against other targets. Moreover, AiTM can automate the entire process of extracting session cookies from hundreds of thousands of users without requiring any interaction or intervention from the attackers themselves. This is achieved through automated scripts and bots capable of performing the required actions at massive scale, leading to an even greater risk of successful attacks.
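The two signals described above, a stolen session cookie being replayed from somewhere other than where the login happened, and one proxy relaying logins for many different accounts, are what a defender can look for in sign-in and activity logs. The following is an added example, not code from the article or from Microsoft's reporting; it assumes a hypothetical log record with `session`, `user`, `event`, `ip` and `ua` fields, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample of sign-in and activity records (not real logs).
# Fields: session id, user, event type, source ip, user agent.
SAMPLE_EVENTS = [
    {"session": "s1", "user": "alice", "event": "login",       "ip": "203.0.113.10", "ua": "Chrome/112 Windows"},
    {"session": "s1", "user": "alice", "event": "mail_read",   "ip": "203.0.113.10", "ua": "Chrome/112 Windows"},
    {"session": "s2", "user": "bob",   "event": "login",       "ip": "198.51.100.7", "ua": "Chrome/112 Windows"},
    {"session": "s2", "user": "bob",   "event": "mail_search", "ip": "192.0.2.44",   "ua": "python-requests/2.28"},
    {"session": "s3", "user": "carol", "event": "login",       "ip": "198.51.100.7", "ua": "Firefox/111 macOS"},
    {"session": "s4", "user": "dave",  "event": "login",       "ip": "198.51.100.7", "ua": "Safari/16 macOS"},
    {"session": "s5", "user": "erin",  "event": "mail_read",   "ip": "192.0.2.44",   "ua": "python-requests/2.28"},
]

def find_session_context_changes(events):
    """Map session id -> reasons, for sessions whose post-login activity comes from
    a different IP or user agent than the login, or that show no login at all."""
    login_ctx = {}
    findings = defaultdict(list)
    for ev in events:
        sid = ev["session"]
        if ev["event"] == "login":
            login_ctx[sid] = ev          # remember where the authentication happened
            continue
        base = login_ctx.get(sid)
        if base is None:                  # cookie in use, but we never saw it issued
            findings[sid].append("activity without an observed login")
            continue
        if ev["ip"] != base["ip"]:
            findings[sid].append(f"ip changed {base['ip']} -> {ev['ip']}")
        if ev["ua"] != base["ua"]:
            findings[sid].append(f"user agent changed {base['ua']!r} -> {ev['ua']!r}")
    return dict(findings)

def find_shared_login_ips(events, min_users=3):
    """Map source ip -> sorted users, for IPs that authenticated at least min_users
    distinct accounts: the fan-in pattern of a proxy relaying many victims' logins."""
    users_by_ip = defaultdict(set)
    for ev in events:
        if ev["event"] == "login":
            users_by_ip[ev["ip"]].add(ev["user"])
    return {ip: sorted(u) for ip, u in users_by_ip.items() if len(u) >= min_users}

if __name__ == "__main__":
    for sid, reasons in find_session_context_changes(SAMPLE_EVENTS).items():
        print(sid, reasons)
    print(find_shared_login_ips(SAMPLE_EVENTS))
```

Both checks are triage input rather than verdicts: a user moving between networks also trips the IP comparison, and an attacker who replays the cookie from the same proxy that relayed the login produces no mismatch at all.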

When adding new factors like the use of AI tools, with GPT-4 just announced by OpenAI and delivering far better results than its amazing predecessor ChatGPT, social engineering attacks like phishing will become much more sophisticated and therefore even more misleading to the common user. Such use of AI-based techniques and tools by attackers can also increase the efficiency and effectiveness of AiTM attacks, making them even more difficult to detect and prevent. What's more, there has been a rise in the availability and accessibility of AiTM phishing kits, particularly those offered by a threat actor tracked as DEV-1101. These kits lower the entry barrier, allowing novice or non-technical attackers to engage in cybercrime without any technical knowledge. When AiTM and AI tools are combined, the result is large-scale attacks with impressive levels of sophistication that are becoming widely available at an affordable price to attackers of all levels around the world.

The takeaway from this situation is that investing in advanced technology and fancy protection tools might never be enough to protect individuals and enterprises. True protection can only come from building awareness among the end users who could potentially face these different kinds of attacks. Choosing the right solution, one that combines realistic and customizable attack simulations with awareness training tailored to change a user's behavior, is even more crucial. It is critical to understand that the human factor is often the weakest link in an organization's security. No matter how advanced the technology is, a single click on a phishing email could result in a breach. Therefore, investing in security awareness training and readiness must be a priority for all organizations.

Such training should cover not only the basics of cybersecurity but also the latest threats and attack techniques that are currently in use. This way, employees can be equipped with the necessary knowledge and skills to detect and prevent cyber-attacks. Additionally, regular simulations of realistic attack scenarios can help to keep employees on their toes and reinforce good security practices. Security awareness must be an ongoing process, not just a one-time event. Attackers are constantly changing their tactics and developing new methods to deceive and manipulate their targets. Therefore, organizations must regularly update their training programs to keep up with the latest threats and ensure that their employees are equipped to handle them.

The ultimate goal is to create a positive security culture inside the organization, resulting in a human firewall against attacks. A security-aware culture can greatly reduce the risk of successful attacks and mitigate their impact. This requires a comprehensive approach that involves not only technical solutions but also a culture of security awareness that permeates throughout the organization. With the right combination of technology and education, businesses can better protect themselves and their users from the ever-evolving threat landscape.

As attacks continue to evolve, including AiTM, organizations cannot afford to leave the human factor exposed. Time must be invested and security awareness training must be implemented to stop threat actors in their tracks.

Author

Moran Elbaz is a Security Awareness Specialist at ThriveDX Enterprise, the global leader in cybersecurity and digital skills training. She is passionate about technology and security, especially social engineering, with vast career experience in IT and cybersecurity that spans over 15 years.
