Your MFA isn’t broken — it’s being bypassed, and your employees can’t tell the difference
Summary
Adversary-in-the-Middle (AiTM) phishing attacks are bypassing multi-factor authentication (MFA) by capturing entire authentication flows in real time, including session tokens. Unlike traditional phishing, these modern attacks use proxy servers that relay the legitimate authentication process, making them undetectable to employees and standard security alerts.
IFF Assessment
AiTM phishing represents a significant advancement in attack techniques that directly undermines the effectiveness of a widely adopted security control (MFA).
Defender Context
Defenders need to recognize that traditional MFA is no longer a foolproof solution against sophisticated phishing. Organizations must invest in advanced detection mechanisms that can identify session hijacking and anomalous behavior, as well as enhance user training to focus on recognizing the subtle signs of proxy-based attacks.
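As an added illustration of the session-hijacking detection mentioned above (not code from the original article), the sketch below flags a session token presented by a client that differs from the one that completed MFA. The event schema, field names and sample events are assumptions constructed for this example.

```python
# Added example: flag session tokens presented by a client that differs from
# the one that completed MFA. Event schema and field names are assumptions.
from collections import namedtuple

Event = namedtuple("Event", "ts user session_id kind ip user_agent")

# Constructed sample events (not real logs); IPs are from documentation ranges.
SAMPLE_EVENTS = [
    Event(100, "alice", "s-1", "mfa_success", "198.51.100.7", "Firefox/Win"),
    Event(160, "alice", "s-1", "token_use", "198.51.100.7", "Firefox/Win"),
    Event(200, "bob", "s-2", "mfa_success", "203.0.113.20", "Chrome/Mac"),
    Event(230, "bob", "s-2", "token_use", "192.0.2.55", "python-requests"),
    Event(260, "bob", "s-2", "token_use", "203.0.113.20", "Chrome/Mac"),
    Event(300, "carol", "s-3", "token_use", "192.0.2.99", "Chrome/Win"),
]

def find_suspect_sessions(events):
    """Return alerts for token use that does not match the MFA-time client."""
    origin = {}   # session_id -> (ip, user_agent) seen when MFA completed
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_success":
            origin[ev.session_id] = (ev.ip, ev.user_agent)
            continue
        if ev.kind != "token_use":
            continue
        seen = origin.get(ev.session_id)
        if seen is None:
            # Token used with no recorded MFA: log gap or token issued elsewhere.
            reason = "no_mfa_record"
        else:
            changed = [name for name, old, new in
                       (("ip", seen[0], ev.ip), ("user_agent", seen[1], ev.user_agent))
                       if old != new]
            if not changed:
                continue
            reason = "changed:" + ",".join(changed)
        alerts.append((ev.session_id, ev.user, ev.ts, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_suspect_sessions(SAMPLE_EVENTS):
        print(alert)
```

Users change networks for ordinary reasons, so a mismatch is a signal to correlate with other anomalous behavior rather than a verdict on its own.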