We are seeing a rise in AiTM phishing attacks. (Adversary in the middle).  Microsoft has a good write up on how it is taking place and affecting their services(link below). Recent examples bypass MFA security and are especially effective when targeting cloud based services. We recently experienced how an AiTM phishing attempt utilized stolen browser cookies to bypass all authentication (including MFA) and gain access to a MS 365 account.
QUICK OVERVIEW OF AiTM
(AiTM is increasingly being used to increase the percentage of their clicks from Phishing Emails and these targets could result in stolen browser cookie sessions which will allow the effective bypass of many forms of cloud service authentication within a browser)
Understanding AiTM Phishing
Traditional phishing attacks involve malicious actors attempting to trick individuals into divulging sensitive information or performing certain actions by impersonating reputable entities through emails or fake websites. However, with the advent of artificial intelligence (AI) technologies, cybercriminals have gained access to powerful tools that can automate and enhance their phishing efforts.
AiTM phishing leverages AI algorithms to create highly convincing phishing campaigns that can evade traditional security measures. These attacks utilize AI to generate convincing emails, imitate trusted senders, and personalize content to target individuals with precision. By harnessing machine learning and natural language processing, cybercriminals can create realistic and tailored messages that increase the likelihood of successful phishing attempts.
The Dangers of AiTM Phishing
Increased Sophistication: AiTM phishing campaigns are designed to be highly sophisticated, making them difficult to distinguish from legitimate communications. Advanced AI algorithms analyze vast amounts of data, including personal details available through online sources, to craft highly targeted messages that appear genuine.
Social Engineering Manipulation: AiTM phishing attacks exploit human psychology by leveraging personal information and emotional triggers to deceive victims. By exploiting their trust, fear, or curiosity, cybercriminals are more likely to succeed in tricking individuals into revealing sensitive information or performing malicious actions.
Evading Traditional Security Measures: Traditional email filters and security systems may struggle to identify AiTM phishing attempts due to their enhanced sophistication. The use of AI algorithms allows attackers to bypass spam filters and even imitate the communication style of genuine senders, making it challenging for individuals to detect fraudulent emails.
