The Cybersecurity and Infrastructure Security Agency (CISA) is continuing its push to educate the public about the phishing man-in-the-middle (phishing MitM) attacks that have recently been spotted in the wild. These attacks are especially alarming because they succeed even against accounts and systems that have deployed certain forms of multi-factor authentication (MFA).
These novel attacks were recently reported by Microsoft, which described in a statement an ongoing "large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user's sign-in session, and skip the authentication process even if the user had enabled MFA." As of the time of publishing, over 10,000 organizations were found to have been targeted since September 2021.
As a response, CISA has issued two data sheets intended to help highlight these new threats and prepare consumers and industry professionals alike by informing them about phishing-resistant MFA.
One document focuses on the multiple variations of these evolving attacks, how victims are targeted, and how to protect against them with advanced multi-factor authentication. The other focuses on the risks associated with systems that use mobile push-notification-based MFA and on ways to mitigate those risks without changing existing infrastructure.
In summary, CISA commented that it “…strongly urges all organizations to implement phishing-resistant MFA to protect against phishing and other known cyber-threats.”
To read more or download the data sheets, check out the original CISA announcement.