aitm (4)

“Multi-Factor Authentication stops 99% of all attacks.”  It’s a phrase used quite a bit.  However, while MFA has become the go-to cybersecurity solution deployed by businesses globally, we must recognize that not all MFA solutions are created equal.  Many are as easy to hack with social engineering and phishing as traditional passwords.  So, the claim that almost all attacks can be repelled by MFA is an oversimplification at best and insincere at worst.

This raises an important question: if so,

An open source Adversary-in-the-Middle (AiTM) phishing kit has found new users in the cybercrime world for its ability to carry out cyberattacks at scale.  Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging name DEV-1101.  An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website.

Such attacks are more effec

Activity Summary - Week Ending on 12 August 2022:

  • Red Sky Alliance identified 23,968 connections from new IPs checking in with our Sinkholes
  • ril.com Hit
  • Analysts identified 765 new IP addresses participating in various Botnets
  • Zeppelin Ransomware
  • Exim
  • SmokeLoader
  • RapperBot
  • AiTM Phishing
  • BlenderBot
  • PortDoor & CotSam

Link to full report: IR-22-224-001_weekly224.pdf

Activity Summary - Week Ending on 29 July 2022:

  • Red Sky Alliance identified 25,992 connections from new IPs checking in with our Sinkholes
  • Hetzner 10x
  • Analysts identified 309 new IP addresses participating in various Botnets
  • Ransomware Update
  • Adversary-in-the-Middle - AiTM
  • South Africa under Attack
  • Mercenary Spyware
  • T-Mobile
  • US Electric Grid
  • Kherson Ukraine

Link to full report: IR-22-210-002_weekly210.pdf