The Answer to Adversary in the Middle Attacks? Our Common Sense Solution Stopping Web-borne Threats At The Edge
In this age of technology, digital devices and applications have opened a variety of possibilities and opportunities for society to benefit from. Unfortunately, these same devices and applications have given cyber attackers more power than ever, allowing them to grow in speed, volume, and sophistication.
Organizations have bolstered their cyber defenses to combat this new wave of threats, but to avail, as cybercriminal activity is expanding every day.
“A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multi factor authentication (MFA),” stated Microsoft in their 2021 Microsoft Digital Defense Report. “The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets. Based on our threat data, the AiTM phishing campaign attempted to target more than 10,000 organizations since September 2021.”
Microsoft continued to explain that in this type of attack, AiTM phishing, attackers deploy a proxy server between a target user and the website the user wishes to visit (that is, the site the attacker wishes to impersonate). Such a setup allows the attacker to steal and intercept the target’s password and the session cookie that proves their ongoing and authenticated session with the website.
AiTM phishing is just one of the many forms of cyberattack that preys on the faults of the users at endpoints to gain access into the desired servers. In fact, 85 percent of the breaches today involve a human element, and 80 percent involving web browsers on mobile/desktop. On top of this, 68 percent of these attacks target endpoints, with the cost of a successful endpoint attack nearly up to $9 million, an increase from $7.1 million last year.
This AiTM phishing campaign is another example of how threats continue to evolve in response to the security measures and policies organizations put in place to defend themselves against potential attacks. Though defeated in this situation, Microsoft warned against dropping MFA from cybersecurity portfolios, instead preaching the need to pair MFA with other, innovative security applications.
“While AiTM phishing attempts to circumvent MFA, it’s important to underscore that MFA implementation remains an essential pillar in identity security. MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place,” said Microsoft. “Defenders should complement MFA with enhanced solutions and the best practices to further protect their organizations from such types of attacks.”
So, enterprises have begun using every tool at their disposal to ward off cyber criminals, including finding a managed service provider (MSP) to help reinforce their defenses. At the same time, MSPs themselves need to enhance their offerings to keep up with the intelligent modern-day hacker. A TechValidate survey found that 87 percent of surveyed MSPs have lost customers due to insufficient cybersecurity services provided.
With the volume, velocity, and intensity of today’s attacks, from phishing, malware, ransomware, zero-day attacks, and web-borne threats, it is critical for MSPs to begin adopting and leveraging all the tools available at their disposal to combat cyberattacks.
At DefensX, our solution makes sure the users are safe working anywhere on any network or device including desktops, laptops, and iOS & Android. We bundle Remote Browser Isolation, Zero Trust File Protection, and Zero Trust Credential Exposure functionalities for secure remote work.
DefensX converts a traditional web browser into a zero-trust secure browser. Zero-trust threat prevention technology protects users from advanced cybersecurity attacks by isolating threats from reaching endpoint devices, such as desktops, laptops, smartphones, and tablets.Through this, we help keep employees focused on their daily tasks and away from distracting sites, measure their cyber hygiene, and educate them on the cyber security strategies of the company.
Zero-trust enforces access policies based on specific context—including the user's role and location, their device, and what data they are requesting—to block inappropriate access and lateral movement throughout a data environment. On top of this, with zero-trust endpoint security, data and networks can even be safely managed with employees spread out working remotely. Endpoint security products secure and collect data on the activity that occurs on endpoints, while network security products do the same for networks.
Our solution also provides MSPs with Domain Name System (DNS) protection to their portfolio. Like many Internet protocols, the DNS system was not designed with security in mind and contains several design limitations. These limitations, combined with advances in technology, make DNS servers vulnerable to a broad spectrum of attacks, including spoofing, amplification, DoS (Denial of Service), or the interception of private personal information.
Our DNS security protects DNS infrastructure from cyberattacks in order to keep it performing quickly and reliably, incorporating a number of overlapping defenses, including establishing redundant DNS servers, applying security protocols like DNSSEC, and requiring rigorous DNS logging.
Overall, removing the traditional trust relationship between the employees and the Internet is the essence of a modern security architecture. At DefensX, we offer enterprise grade web threat prevention deployed at the endpoints in seconds. Companies using DefensX have a hard stand against emerging social engineering attacks, with an experience end-users enjoy. We make it easy – intuitive – and automatic and are helping organizations protect themselves and their team members with a solution that is easy to acquire, install and scale – while also bringing important new value added services to MSPs.