Summary
One of the key tools at the center of social engineering attacks against organizations is phishing. According to the Anti-Phishing Working Group’s latest report, the number of unique phishing websites detected in December 2021 was 316,747, where they have detected between 68,000 and 94,000 attacks per month in early 2020, meaning that phishing attacks have more than tripled from 2020 to 2021.
Traditional phishing attacks will often clone a website or attempt to drop malware to compromise and steal sensitive data from the phished victim. However, the use of multi-factor authentication (MFA) can mitigate cases where sensitive data is stolen, as this adds an extra layer of protection required to access the account or service. Also, a threat protection solution can mitigate cases where the phishing drops malware to compromise the machine. This is where a more modern phishing method comes into play, the man-in-the-middle (MITM) phishing attack.
To carry out MITM phishing, an attacker uses URLs that closely resemble the victim’s intended destination, which is used to direct the victim to a reverse proxy server. Usually, a reverse proxy server sits in front of a webserver to help balance the network load and provide increases in performance, reliability, and security. In MITM phishing attacks, the proxy server is used by the attacker to intercept the network communication between the victim’s computer and the real web server. Furthermore, the MITM server uses a TLS certificate generated by the attacker, allowing full HTTPS decryption, hence the ability to capture sensitive information such as credentials and