IT support professionals in Dallas are advising businesses to watch out for phishing attacks that bypass Multi-Factor Authentication, or MFA. These attacks are now a very real threat.
AiTM stands for Attacker-in-the-Middle. This kind of attack uses “reverse-proxy” sites which pretend to be login pages for software like Microsoft Office 365. Using such AiTM attacks, hackers can fool MFA software, gaining illicit access to networks.
Once such access is obtained, hackers sneak into email accounts, launch BEC (Business Email Compromise) attacks, and then maintain their illicit presence on the network despite MFA protections.
Often the reverse-proxy kits used to gain such access incorporate tools such as Modlishka. Here’s what you can do to safeguard your business against AiTM attacks through Modlishka-type reverse proxies that enable BEC attacks:
Enable Conditional Access
It’s possible to test logins to ensure they’re coming from trusted IPs. You might also enable access only at intervals when particular personnel need it, then close off that access later.
The more conditions your infrastructure places on network access, the more hoops a hacker has to jump through, and the more difficult it becomes for them to circumvent your security.
Put Anti-Phishing Defenses Into Effect
IT support professionals in Dallas advise designing anti-phishing operational best practices. This means certain things phishers might demand simply won’t be done over email.
Take financial management out of email. Make it a policy not to share access credentials via email, if possible. Examine points of vulnerability and patch them. MSPs can help.
Monitor Networks for Unusual Activity
One of the most important things you can do is monitor networks to ensure anomalous activity isn’t rooted in cybercriminal efforts. Any anomaly is to be questioned, though some are more dangerous than others. Monitor your total network, and also monitor the specific servers more likely to be a target.
Your email server is a big target for cybercriminals, especially those seeking to get around MFA protections. When you see activity that takes place at, say, three in the morning, when you don’t have any staff working, you’ll know something untoward is going on. At that point you can eject the individual involved in the illicit activity, keeping them away from sensitive data.
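As an added illustration (not part of the original article or Technagy's tooling), the trusted-IP check from the conditional access section and the off-hours monitoring described above can be combined into one sign-in review. The trusted ranges, staffed hours, log columns and sample records are all assumptions constructed for the example.

```python
import csv
import io
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumptions for this example: office egress ranges and staffed hours.
TRUSTED_NETS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.16/28")]
STAFFED_HOURS = range(7, 19)  # 07:00-18:59 office-local time
STAFFED_DAYS = range(0, 5)    # Monday-Friday

# Constructed sample of mail sign-in events (timestamps in office-local time).
SAMPLE_LOG = """timestamp,user,source_ip,mfa_result
2024-03-04T09:12:00,alice@example.com,203.0.113.25,passed
2024-03-05T03:02:00,alice@example.com,192.0.2.77,passed
2024-03-05T10:40:00,bob@example.com,192.0.2.14,passed
2024-03-06T03:15:00,carol@example.com,203.0.113.9,passed
2024-03-06T14:00:00,bob@example.com,198.51.100.20,failed
"""

def triage(log_text):
    """Return a list of (row, reasons) for sign-ins that need review."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        try:
            addr = ip_address(row["source_ip"])
            when = datetime.fromisoformat(row["timestamp"])
        except ValueError:
            # Never silently drop a record the parser cannot read.
            findings.append((row, ["unparseable record"]))
            continue
        reasons = []
        if not any(addr in net for net in TRUSTED_NETS):
            reasons.append("untrusted source IP")
        if when.weekday() not in STAFFED_DAYS or when.hour not in STAFFED_HOURS:
            reasons.append("outside staffed hours")
        # A passed MFA check does not clear the event: an AiTM proxy relays
        # the real MFA prompt, so the sign-in still shows MFA as satisfied.
        if reasons and row["mfa_result"] == "passed":
            reasons.append("MFA passed (does not rule out AiTM)")
        if reasons:
            findings.append((row, reasons))
    return findings

if __name__ == "__main__":
    for row, reasons in triage(SAMPLE_LOG):
        print(row["timestamp"], row["user"], row["source_ip"], "->", "; ".join(reasons))
```

Events that trip both checks, such as the 03:02 sign-in from an untrusted address, are the ones to review first.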
Doing What You Can to Protect Against MFA Vulnerabilities
Our IT support team in Dallas can help you monitor networks for unusual activity, design anti-phishing protocols, and enable conditional access. MFA is still quite effective, but even the best security from the best tech company will be pierced by hackers eventually. Always keep up to date. Contact us at Technagy for more info.