Clear Sailing IT Solutions Blog
Man-in-the-Middle (MITM) In-Path Attacks
Compromise Description:
In the world of cryptography and computer security, a man-in-the-middle (MITM) attack, also known as an in-path attack, occurs when an attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other.
This includes chats, phishing emails, and even phone calls.
The largest trend right now is the use of a program called Evilginx2, which produces a link to a landing page that looks legitimate. The unknowing user clicks a link in an email or on a website and is routed to a page where they are asked to log in to their Microsoft account. Once they have authenticated, the hacker has full control of that user's account, without needing a password or their 2FA (two-factor authentication).
What are we doing to combat these attacks?
- Force strong passwords that require changing at set intervals.
- Review and audit all clients' tenant security settings.
- Implement more granular login location tracking and reporting, including AI.
- Regular email phishing training for end users.
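One way the login location tracking in the list above can surface an account being used by someone else shortly after the real user signs in, shown as an added example (not Clear Sailing's own tooling). The record layout, the 900 km/h and 50 km thresholds, and all sample sign-ins are assumptions constructed for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

# Constructed sample sign-in records: (user, UTC time, source IP, latitude, longitude).
SIGN_INS = [
    ("alice@example.com", "2024-05-01T08:00:00", "198.51.100.10", 41.88, -87.63),  # Chicago
    ("alice@example.com", "2024-05-01T08:20:00", "203.0.113.77", 52.37, 4.90),     # Amsterdam
    ("bob@example.com",   "2024-05-01T09:00:00", "198.51.100.11", 41.88, -87.63),  # Chicago
    ("bob@example.com",   "2024-05-01T17:00:00", "198.51.100.42", 40.71, -74.01),  # New York
]

MAX_SPEED_KMH = 900  # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 50  # assumed: ignore small jumps caused by imprecise IP geolocation

def distance_km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in km."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(records, max_speed=MAX_SPEED_KMH):
    """Flag consecutive sign-ins by one user that imply travel faster than max_speed."""
    alerts = []
    last = {}  # user -> previous (time, ip, lat, lon)
    for user, ts, ip, lat, lon in sorted(records, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_ip, p_lat, p_lon = last[user]
            km = distance_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # A distant sign-in from a new IP is suspicious if no traveller could cover it in time.
            if ip != p_ip and km > MIN_DISTANCE_KM and (hours == 0 or km / hours > max_speed):
                alerts.append({"user": user, "from_ip": p_ip, "to_ip": ip,
                               "km": round(km), "minutes": round(hours * 60)})
        last[user] = (when, ip, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SIGN_INS):
        print(alert)
```

Only the first user's pair of sign-ins is reported; the second user's same-day trip is plausible and stays quiet.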
Visual changes users may or may not notice:
- Conditional access. Single sign-on (SSO) will make authentication more fluid in the office, but stricter in other locations outside the office.
- Regular password changes or forced password changes.
- 100% 2FA adoption of all clients and users.