
Tracking the Adversaries in the Middle
Adversary in the Middle (AiTM) attacks and token theft have grown steadily as MFA becomes more widely adopted. From our managed SOC we have observed how the right phishing email, at the right time, from a compromised sender makes it extremely difficult for the end user to discern good from evil. Often these attacks arrive from the compromised emails of a trusted partner, supplier, or co-worker, sometimes mere moments after a conversation has taken place between the two victims. Phishing awareness and training can only help so much. In this talk, Lex will present how we have tackled the rise in AiTM from the Threat Intelligence perspective. The talk goes into the details of how we started and eventually systemised our collection of AiTM kits and, from this collection, created intelligence products for both our internal detection engineers and the security analysts within the SOC. Lastly, he will discuss some recommendations for hardening environments against these attacks.
Speaker
Lex Crielaars
Cybersecurity Specialist at mnemonic
As the former CTO of one of the largest, dedicated data analytics consultancy companies in the Benelux, Lex has always had an eye for how to transform data into information, knowledge and ultimately: wisdom. He now applies his keen, analytical mind in the detection of anomalies. Things you don't want to see in your security logs but are looking for anyway.