Man-in-the-Middle Attack


In early 2022, Microsoft discovered a phishing campaign targeting Office365 users. The attackers spoofed a phony 365 login page, gathering credentials for later misuse. To do this, the attackers used an Evilginx2 phishing kit — a man-in-the-middle (MITM) attack framework used for phishing login credentials along with session cookies, allowing bad actors to bypass two-factor authentication — in order to hijack the authentication process. Microsoft added in its blog post, “Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses.”

What you need to know: The MITM attack, also known as adversary-in-the-middle (AiTM), sets up a proxy server that intercepts the victim’s login session, so that the malicious actor can act as a relay between the two parties or systems — thereby gaining access to and/or pilfering sensitive information. This type of attack allows a malicious actor to intercept, send and receive data intended for somebody else — or that’s not meant to be sent at all — without either party knowing until it is too late.
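
Because the stolen session cookie is what authenticates the attacker, one defender-side check is to look for a session that is later presented by a different client than the one that signed in. The sketch below is an added example, not code from the original post or from Microsoft; the log fields, the sample events and the function name are constructed assumptions, and the heuristic is one common approach rather than something the post prescribes.

```python
from datetime import datetime

# Constructed sign-in/access events (not from the page); field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2022-07-01T09:00:02", "event": "signin", "user": "alice",
     "session": "s-1001", "ip": "198.51.100.7", "ua": "Chrome/103 Windows"},
    {"ts": "2022-07-01T09:00:40", "event": "access", "user": "alice",
     "session": "s-1001", "ip": "198.51.100.7", "ua": "Chrome/103 Windows"},
    {"ts": "2022-07-01T09:04:11", "event": "access", "user": "alice",
     "session": "s-1001", "ip": "203.0.113.50", "ua": "Firefox/102 Linux"},
    {"ts": "2022-07-01T09:10:00", "event": "signin", "user": "bob",
     "session": "s-2002", "ip": "192.0.2.15", "ua": "Safari/15 macOS"},
    {"ts": "2022-07-01T09:12:30", "event": "access", "user": "bob",
     "session": "s-2002", "ip": "192.0.2.15", "ua": "Safari/15 macOS"},
]


def find_session_reuse(events):
    """Flag sessions whose cookie is later presented by a different client
    (IP address or user agent) than the one that completed sign-in."""
    issued_to = {}   # session id -> (ip, ua) seen at sign-in
    findings = {}    # session id -> first mismatching request
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["event"] == "signin":
            issued_to.setdefault(sid, client)
        elif sid in issued_to and client != issued_to[sid]:
            # Keep only the first mismatch per session to avoid alert floods.
            findings.setdefault(sid, {
                "user": e["user"], "session": sid, "first_seen": e["ts"],
                "issued_to": issued_to[sid], "presented_by": client,
            })
        # Requests for sessions with no recorded sign-in are skipped here;
        # a real pipeline would route them to a separate check.
    return list(findings.values())


if __name__ == "__main__":
    for f in find_session_reuse(SAMPLE_EVENTS):
        print(f"{f['user']} {f['session']}: issued to {f['issued_to']}, "
              f"presented by {f['presented_by']} at {f['first_seen']}")
```

Legitimate network changes (mobile roaming, VPN reconnects) also trip this check, so treat a hit as a lead to correlate with other signals rather than as a verdict.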
