cybersecurity

What a Difference a Year Makes

Learn about the latest cybersecurity threats, including Adversary-in-the-Middle attacks, and discover essential email safety practices to protect your accounts and strengthen MFA defenses.


A New Cyber-Attack is Gaining Ground

What a difference a year makes. Just last year, we were urging clients to set up multifactor authentication (MFA) to protect cloud and remote access accounts. Now, a new, highly sophisticated cyber threat, the Adversary-in-the-Middle (AiTM) attack, is successfully bypassing even MFA, catching many organizations off guard. Here’s how to protect against these escalating attacks and secure your accounts and resources.

Why AiTM is Different—and Dangerous

AiTM attacks use phishing emails to lure users into clicking seemingly legitimate links, like those “from Microsoft” asking to verify credentials. By imitating familiar interfaces, attackers can capture login details and MFA session tokens in a single strike. Once they have that token, they gain extended access to email, Teams, and cloud data for up to 90 days—without requiring the user to log in again. Even low-skill bad actors can now use these attacks, thanks to “Phishing-as-a-Service” and easily accessible attack kits.

How AiTM Attacks Unfold

  1. Phishing email bait: A user clicks a seemingly innocuous link, like one from “Microsoft” to confirm their account.

  2. Fake login site: The link directs the user to a convincing replica login page that captures credentials while forwarding them to the real Microsoft login.

  3. MFA token hijacking: The user completes MFA, thinking they are secure. However, both the credentials and session token have been stolen, allowing unrestricted access.

Key Takeaways

  • Avoid clicking email links. If an email requests verification, go directly to portal.microsoft.com in a browser and sign yourself in to verify your account.

  • Use Keeper Password Manager. If the site isn’t legitimate, Keeper won’t autofill credentials—providing a clear red flag that the link is fraudulent.


Bringing It All Together

In short, the rapid evolution of these attacks highlights the ongoing need for vigilance, continual cybersecurity education, and policy updates. As AiTM and similar threats evolve, sticking to basics and using the right tools remain powerful first steps in maintaining a secure environment.

This article was created in collaboration with Josh Zimmerman.

Similar posts

Get notified about Synergy's posts.

Sign up to get up-to-date information technology insights from the experts at Synergy.