Over the past year, researchers observed a sharp increase in usage of AiTM phishing attacks in-the-wild, which are capable of bypassing MFA methods oft used in enterprises. Some of the notable recent enterprise breaches started with an MFA abuse. This session will discuss the availability of phishing-as-a-service providers on underground forums, which has made advanced attacks accessible to threat actors.

RSAC 2023 brought together thousands of cybersecurity professionals for four incredible days of expert perspectives, groundbreaking innovation, and best practices. 

The Death of Conventional MFA: How AiTM Attacks Are Changing the Game

Conference: RSA Conference 2023

Authors: Deepen Desai, Sudeep Singh

Abstract

Post a comment

Related work

Turing in a Box: Applying Artificial Intelligence as a Service to Targeted Phishing and Defending Against AI Generated Attacks

Are Your Child's Records at Risk? The Current State of School Infosec

I Am Whoever I Say I Am: Infiltrating Identity Providers Using a 0Click Exploit

Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs

Infiltrating Corporate Intranet Like NSA ̶Pre-auth RCE on Leading SSL VPNs