February 1, 2024

Threat Intelligence Report: Adversary-in-the-Middle and other phishing trends




Multifactor authentication (MFA) might no longer be enough to protect your accounts

Credential harvesting happens when cyber attackers capture user credentials through websites that mimic login screens or forms. It has been a common strategy for hackers for some years now. Multifactor authentication has been widely accepted as a suitable method for mitigating attacks like this. However, our latest research shows that hackers increasingly harvest MFA and session tokens.

Instead of verifying their session on their device, phishing victims unknowingly log in to the hacker’s device. When prompted to authenticate through MFA, the victim thinks they're logging into a legitimate service and accepts the request.

And there – the hacker now has access to the account.

While multifactor authentication is still a recommended cybersecurity practice, it might no longer be the silver bullet it used to be.
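
A harvested session token is typically presented from a different client than the one that passed MFA, which is one signal defenders can look for in sign-in logs. The sketch below is an added example, not taken from the Hoxhunt report; the event fields (`event`, `session`, `ip`, `ua`) and the log records are constructed for illustration and do not match any specific product's schema.

```python
# Added example. Field names and events are constructed for illustration.
EVENTS = [
    {"ts": 1, "user": "alice", "session": "s-100", "event": "mfa_success",
     "ip": "198.51.100.7", "ua": "Firefox/Linux"},
    {"ts": 2, "user": "alice", "session": "s-100", "event": "token_use",
     "ip": "198.51.100.7", "ua": "Firefox/Linux"},
    {"ts": 3, "user": "alice", "session": "s-100", "event": "token_use",
     "ip": "192.0.2.10", "ua": "Chrome/Windows"},   # new IP and new client
    {"ts": 4, "user": "bob", "session": "s-200", "event": "mfa_success",
     "ip": "203.0.113.5", "ua": "Safari/macOS"},
    {"ts": 5, "user": "bob", "session": "s-200", "event": "token_use",
     "ip": "203.0.113.99", "ua": "Safari/macOS"},   # IP changed, same client
]


def find_replayed_sessions(events):
    """Return (user, session, ip) for token uses whose IP and user agent
    both differ from the context in which the session passed MFA."""
    origin = {}      # session id -> (ip, ua) seen at MFA completion
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        sid = e["session"]
        if e["event"] == "mfa_success":
            origin.setdefault(sid, (e["ip"], e["ua"]))
        elif e["event"] == "token_use" and sid in origin:
            ip0, ua0 = origin[sid]
            # Requiring both to change avoids flagging ordinary network
            # moves (VPN, mobile roaming) by the same browser.
            if e["ip"] != ip0 and e["ua"] != ua0:
                finding = (e["user"], sid, e["ip"])
                if finding not in findings:
                    findings.append(finding)
    return findings


if __name__ == "__main__":
    for user, sid, ip in find_replayed_sessions(EVENTS):
        print(f"review: {user} session {sid} reused from {ip}")
```

A match is a lead for review rather than proof of compromise, and a replay that copies the original user agent would need additional signals to catch.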

Adversary-in-the-middle (AiTM) capability found in 21% of studied threats between December 2023 and January 2024

Adversary-in-the-Middle (AiTM) and other phishing trends

The technique described above is called the Adversary-in-the-Middle (AiTM) credential harvester. It's one of the advanced and alarming phishing techniques explored in Hoxhunt’s Q4 Threat Intelligence Report.

Additionally, the report covers some of the emerging risks associated with social media and AI. We also discuss trending phishing techniques and social engineering tactics observed in the Hoxhunt network. 

We created the report to illustrate the current threat landscape. We aim to allow organizations and individuals to stay one step ahead of threat actors and mitigate risk.

Download the full report by submitting your details below.

About the authors

Hoxhunt’s Threat Operations Team consists of threat analysts and data scientists tasked with handling the emails reported to Hoxhunt.

During Q4 2023, around one million email threats were reported by our end users, averaging almost 10,000 reports per day. Because our end users manually report the emails, our data only consists of threats that have managed to bypass email spam filters. This data is analyzed by the Threat Operations team and combined with other data sources to create actionable intelligence.
