As a trusted IT support provider for small and medium businesses in the UK, we’re always on the lookout for emerging threats that could compromise your security. One such growing threat is Adversary-in-the-Middle (AiTM) phishing - a sophisticated attack that bypasses even Multi-Factor Authentication (MFA). Here’s what you need to know and how to stay protected.
What Is AiTM Phishing?
AiTM phishing is a type of cyberattack where criminals intercept your login session in real time. Unlike traditional phishing, which steals usernames and passwords, AiTM attacks go a step further by capturing session cookies - digital tokens that prove you’ve already logged in. With these, attackers can impersonate you without needing your password or MFA code again.
How Does It Work?
- Fake Login Pages: Attackers set up a proxy server on a lookalike domain that relays the genuine login page, so what you see is a convincing copy of the real page served through the attacker's server.
- Entice You to the Fake Page: Typically via an email that appears to come from Microsoft Teams, OneDrive, or other services.
- Session Hijacking: Once you log in, the attacker captures your session cookie and MFA response in real time.
- Access Granted: The attacker now impersonates you without needing credentials again.
Why Should SMEs Care?
Many small businesses believe they’re too small to be targeted. Unfortunately, attackers often see SMEs as low-hanging fruit - less protected but still valuable. With automation, they can attack hundreds of thousands at once. AiTM phishing can lead to data breaches, financial fraud, and reputational damage.
How to Protect Your Business
Here are practical steps you can take to defend against AiTM phishing:
- Use Conditional Access Policies: Restrict access based on location, device compliance, or risk level in Microsoft 365.
- Use Phishing-Resistant MFA: Adopt FIDO2 security keys or passkeys, which resist AiTM-style attacks because the credential is bound to the genuine site's domain and will not work through a proxy.
- Educate Your Team: Train staff to spot suspicious emails, double-check URLs, and report anything unusual.
- Monitor for Unusual Activity: Use tools like Microsoft Lighthouse to watch for unexpected logins or network activity.
- Session Controls: Set re-authentication rules for sensitive actions and session timeouts.
- Secure Your Domain: Register lookalike domains before attackers can, to reduce impersonation and spoofing attacks.
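The reason phishing-resistant MFA holds up against a proxy is that the browser, not the web page, records the real origin inside the signed WebAuthn response, so a lookalike domain is rejected. The following is an added example, not code from the original article, of the server-side checks a service performs on that response; the origin https://login.example.com, RP ID example.com, and all byte values are assumed.

```python
import base64
import hashlib
import json

# Origin and RP ID of the genuine service (assumed values for this example).
EXPECTED_ORIGIN = "https://login.example.com"
EXPECTED_RP_ID = "example.com"


def b64url_decode(data: str) -> bytes:
    """Decode unpadded base64url, as used throughout WebAuthn."""
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def verify_client_data(client_data_json: bytes, authenticator_data: bytes,
                       issued_challenge: bytes) -> tuple:
    """Apply the WebAuthn checks that defeat a proxying phishing page.

    The browser fills in `origin`, and the authenticator signs over a hash
    of this JSON, so a proxy cannot rewrite it. (Signature verification is
    omitted here to isolate the origin-binding checks.)
    """
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if b64url_decode(client_data.get("challenge", "")) != issued_challenge:
        return False, "challenge mismatch (possible replay)"
    if client_data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + str(client_data.get("origin"))
    # The first 32 bytes of authenticatorData are the SHA-256 of the RP ID.
    if authenticator_data[:32] != hashlib.sha256(EXPECTED_RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"


def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Build clientDataJSON the way a browser would for `origin` (constructed)."""
    payload = {"type": "webauthn.get",
               "challenge": base64.urlsafe_b64encode(challenge).rstrip(b"=").decode(),
               "origin": origin, "crossOrigin": False}
    return json.dumps(payload).encode()


# Constructed authenticatorData: rpIdHash, flags byte, 4-byte sign counter.
AUTH_DATA = hashlib.sha256(EXPECTED_RP_ID.encode()).digest() + b"\x05\x00\x00\x00\x01"
CHALLENGE = b"\x01" * 32

if __name__ == "__main__":
    genuine = make_client_data("https://login.example.com", CHALLENGE)
    phished = make_client_data("https://login-example.com", CHALLENGE)  # lookalike proxy
    print(verify_client_data(genuine, AUTH_DATA, CHALLENGE))  # (True, 'ok')
    print(verify_client_data(phished, AUTH_DATA, CHALLENGE))  # (False, 'origin mismatch: ...')
```

In practice the browser refuses to produce an assertion for a domain the credential was not registered for, so the phishing page fails even earlier; the server-side check is the backstop.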
Frequently Asked Questions (FAQs)
What makes AiTM different from regular phishing?
Traditional phishing steals your login details. AiTM steals your session, bypassing even MFA by impersonating your logged-in state.
Can MFA protect against AiTM attacks?
Not always. Basic MFA methods like SMS codes can be bypassed by AiTM. Phishing-resistant MFA (like FIDO2 keys) is recommended.
Are small businesses really targeted by AiTM phishing?
Yes. SMEs are often targeted because they have valuable data and typically weaker defences.
How can I train my staff to spot AiTM?
Run regular phishing simulations, awareness training, and teach employees to carefully inspect links and email sources.
Is this type of attack new?
It’s relatively recent and increasing in popularity due to its success in bypassing MFA. Attackers are becoming more sophisticated.
Want Help Defending Against AiTM Phishing?
Worried about session hijacking or phishing-resistant security? We can help.
AiTM phishing is a serious threat, but with the right tools and awareness, it’s one you can defend against. Contact us to discuss how we can implement these protections for your organization.
At Telanova, we provide proactive cybersecurity and IT support to protect businesses across Ascot, Bracknell, Wokingham, Reading and the wider Berkshire area.
Learn more about our IT services or call us on 01344 989 530 to talk about securing your business.