EXECUTIVE SUMMARY:

Should you be more concerned about the threats filtering into your employees’ inboxes? Over 3.4 billion phishing emails are delivered every day. While phishing attacks alone can devastate a business, phishing attacks that serve as a gateway for other attack types can be even more damaging and difficult to disrupt.

In this article, we’ll explore how Adversary in the Middle attacks weaponize phishing emails, show how these attacks work, review implications, and empower you with must-know prevention tips. Discover new ways to optimize your organization’s security that can drive and support uninterrupted enterprise success.

What is an Adversary in the Middle attack?

An Adversary in the Middle attack (AitM) is a sophisticated threat that allows cyber criminals to intercept network communications. From there, cyber attackers can pinch credentials, copy encryption and identity verification keys, and launch further attacks.

AitM phishing lures

AitM attacks commonly start with a phishing email that looks as though it’s from a legitimate source. The phishing email typically contains hidden HTML elements (like malicious links embedded into buttons) that connect to a fraudulent web page.

Cyber criminals create phony pretenses to compel recipients to click on the malicious links. An email’s text might say something about a business emergency, for example, and that the IT department needs to verify credentials.

Adversary in the Middle attack (AitM)

When an unsuspecting email recipient clicks on a malicious link, they’re shunted through one or more nondescript redirector pages. Eventually, the victim lands on the AitM phishing webpage. At that point, the attack transitions from ordinary phishing fraud into a complete, full-blown AitM attack.

Adversary in the Middle attacks are so deceptive and sophisticated that they don’t always require a user to input their credentials into a fake site. Rather, they often route the victim through a proxy server that’s inserted into the middle of the transaction with the real site. The proxy equips attackers with capabilities that allow for the theft of session cookies, login information and more.

Implications of Adversary in the Middle (AitM) tactics

Attacks like these can enable attackers to seamlessly integrate into critical enterprise systems, such as business email or cloud environments. In turn, attackers can then execute more sophisticated and more lucrative attacks, ranging from ransomware deployment to Business Email Compromise (BEC) scams.

AitM adversaries may also use the AitM position to monitor or modify traffic, as in Transmitted Data Manipulation. Further, attackers can set up a position similar to AitM in order to impede traffic flows to their intended destinations. This can impair defenses and/or support network denial of service.

Preventing Adversary in the Middle attacks

1. Anti-phishing provisions. Ensure that your organization can stop phishing at the earliest stages of the attack cycle. Maintain strong awareness programs, policies and technologies. Teach users how to recognize malicious email content, update policies as appropriate, and leverage tools that limit the number of phishing emails reaching end-users.

2. System monitoring tools. CISO dashboards, logging utilities and Security Information and Event Management (SIEM) suites enable organizations to quickly pick up on abnormal behaviors that can indicate AitM attacks, such as a session being used from a source that differs from the one that signed in.

3. Auto-access revocation. Your organization may also wish to retain auto-access revocation privileges, allowing admins to revoke access rights for any account at any time.

4. Leverage conditional access policies. Configure advanced access policies, setting parameters around who and what a user can access with a work computer/device. Creating conditional access policies that prevent connections to websites that do not meet client standards or that do not fall into a specific list of domains can cut off AitM threats.
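As an added illustration of tip 2 (example code, not code from CyberTalk.org), here is a small Python detector run over constructed sign-in log lines: it flags a session token that is presented from a new source IP or user agent shortly after its last use, the pattern a stolen session cookie replayed through an AitM proxy produces. The log format, field names and sample values are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real logs). Each line is:
# timestamp user session_id source_ip user_agent
SAMPLE_EVENTS = """\
2024-05-01T09:00:02Z alice sess-7f3a 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T09:00:40Z alice sess-7f3a 203.0.113.10 Mozilla/5.0 (Windows NT 10.0) Chrome/124
2024-05-01T09:03:15Z alice sess-7f3a 198.51.100.77 Mozilla/5.0 (X11; Linux x86_64) Firefox/125
2024-05-01T09:10:00Z bob sess-c1d2 192.0.2.55 Mozilla/5.0 (Macintosh) Safari/17
2024-05-01T09:45:00Z bob sess-c1d2 192.0.2.55 Mozilla/5.0 (Macintosh) Safari/17
"""


def parse_events(text):
    """Parse the assumed space-separated log format into dicts."""
    events = []
    for line in text.splitlines():
        ts, user, session, ip, ua = line.split(maxsplit=4)  # UA may contain spaces
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "user": user, "session": session, "ip": ip, "ua": ua})
    return events


def find_session_reuse(events, window=timedelta(minutes=30)):
    """Flag a session id that reappears from a different source IP or user agent
    within `window` of its previous use. A legitimate browser keeps the same
    IP/UA for a session; a cookie replayed by an attacker's proxy usually does not."""
    last_seen = {}  # session id -> most recent event for that session
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        prev = last_seen.get(ev["session"])
        if prev and ev["ts"] - prev["ts"] <= window and (
                ev["ip"] != prev["ip"] or ev["ua"] != prev["ua"]):
            alerts.append({"user": ev["user"], "session": ev["session"],
                           "first_ip": prev["ip"], "new_ip": ev["ip"],
                           "gap_seconds": (ev["ts"] - prev["ts"]).total_seconds()})
        last_seen[ev["session"]] = ev
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(parse_events(SAMPLE_EVENTS)):
        print(f"possible session replay: {alert}")
```

In production the same check would read from the SIEM's sign-in table and use ASN or geolocation rather than raw IPs, so that mobile users changing addresses do not trip it.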

Further information

Adversary in the Middle attacks are also sometimes known as Adversary in the Middle Phishing Attacks or as Man in the Middle attacks.

AitM attackers can be relentless. Implement security protocols and best practices that can protect your organization from this type of vicious and insidious threat.

For more phishing and social engineering prevention insights, please see CyberTalk.org’s past coverage. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.