publishing date icon
February 1, 2024
read time icon
5 min. read

Threat Intelligence Report: Adversary-in-the-Middle and other phishing trends

Post hero image

Table of contents

share this post

Multifactor authentication (MFA) might no longer be enough to protect your accounts

Credential harvesting happens when cyber attackers capture user credentials through websites that mimic login screens or forms. It has been a common strategy for hackers for some years now. Multifactor authentication has been widely accepted as a suitable method for de-escalating attacks like this. However, our latest research shows that hackers increasingly harvest MFA and session tokens.

Instead of verifying their session on their device, phishing victims unknowingly log in to the hacker’s device. When prompted to authenticate through MFA, the victim thinks they're logging into a legitimate service and accepts the request.

And there – the hacker now has access to the account.

While multifactor authentication is still recommended cybersecurity practice, it might no longer be the silver bullet it used to be.

Adversary-in-the-middle (AiTM) capability found in 21% of studied threats between December 2023 and January 2024

Adversary-in-the-Middle (AiTM) and other phishing trends

The technique described above is called the Adversary-in-the-Middle (AiTM) credential harvester. It's one of the advanced and alarming phishing techniques explored in Hoxhunt’s Q4 Threat Intelligence Report.

Additionally, the report covers some of the emerging risks associated with social media and AI. We also discuss trending phishing techniques and social engineering tactics observed in the Hoxhunt network. 

We created the report to illustrate the current threat landscape. We aim to allow organizations and individuals to stay one step ahead of threat actors and mitigate risk.

Download the full report by submitting your details below.

About the authors

Hoxhunt’s Threat Operations Team consists of threat analysts and data scientists tasked with handling the emails reported to Hoxhunt.

During Q4 2023, around one million email threats were reported by our end users, averaging almost 10,000 reports per day. Because our end users manually report the emails, our data only consists of threats that have managed to bypass email spam filters. This data is analyzed by the Threat Operations team and combined with other data sources to create actionable intelligence.

Subscribe to Threat Feed

Subscribe to Hoxhunt's Threat Feed to get the latest phishing threats delivered to your inbox, every Friday.

Form CTA

Hoxhunt needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.