Prevention for AiTM Attacks
The solution lies in more comprehensive and integrated authentication security coordinated across multiple attack vectors. These security measures should include, at a minimum:
- Strong Anti-Phishing Policies: Solid authentication security starts with educating people about the threats they face; there is a reason phishing remains one of the most popular and effective ways to attack these systems. Training your employees on phishing tactics, including how to recognize and avoid phishing emails, is non-negotiable. Additionally, implement email and messaging controls that warn against phishing; for example, it is relatively simple to deploy in-message warning banners on any email that comes from outside your domain.
- System Monitoring and Auto-Access Revocation: Prevention also involves monitoring systems for potential breaches. Modern security tools such as CISO dashboards, logging utilities, and Security Information and Event Management (SIEM) suites make it feasible to monitor for anomalous behavior. Alongside monitoring, you should have a trip switch that can revoke the access rights of any account at any time. If an account is compromised, you must be able to disable that account, or any number of accounts, within minutes.
- Utilize FIDO2 Authentication: FIDO2 includes several authentication features that can mitigate MFA-bypass attacks like AiTM. For example, FIDO2 uses WebAuthn, which binds each credential to the web origin that registered it, so the authenticator will not produce a valid response for a look-alike site that is merely proxying the real one; this stops website phishing attacks dead in their tracks.
- Utilize Conditional Access Policies: More granular access policies can be enforced in the network's configuration, including which resources a user can reach and from which machine. Conditional policies that block connections to sites that don't meet client standards or don't appear on an approved list of domains can cut off AiTM phishing attacks.
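The origin binding behind the FIDO2/WebAuthn item above is easiest to see from the relying party's side. The following is an added example, not code from the original article: it shows the checks a relying party runs on the `clientDataJSON` and `authenticatorData` of a sign-in assertion, and why an assertion produced while the victim's browser sits on a proxy's domain is rejected. The origin, RP ID, challenge and the `evil-proxy.test` domain are constructed values; the helper functions that build the two structures stand in for what a real browser and authenticator produce.

```python
import base64
import hashlib
import json

# Relying party (RP) settings; constructed values for this example.
EXPECTED_ORIGIN = "https://login.example.com"
RP_ID = "login.example.com"
CHALLENGE = b"constructed-32-byte-challenge!!!"  # per-session value the RP issued

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_client_data(origin: str, challenge: bytes) -> bytes:
    """Stand-in for the browser's clientDataJSON. The browser, not page script,
    fills in `origin` with the site it is actually connected to."""
    body = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    return json.dumps(body).encode()

def make_auth_data(rp_id: str) -> bytes:
    """Stand-in for authenticatorData: rpIdHash (32) | flags UP+UV | signCount."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (1).to_bytes(4, "big")

def verify_client_data(client_data_json: bytes, expected_challenge: bytes,
                       authenticator_data: bytes) -> tuple:
    """Origin-binding checks an RP runs before trusting an assertion. The
    authenticator signs authenticatorData || SHA-256(clientDataJSON), so a proxy
    cannot rewrite these fields without breaking the signature (signature
    verification itself is omitted here)."""
    data = json.loads(client_data_json)
    if data.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if b64url_decode(data.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch: replayed or from another session"
    if data.get("origin") != EXPECTED_ORIGIN:
        return False, "origin %r is not this relying party" % data.get("origin")
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash does not match this relying party ID"
    return True, "ok"

if __name__ == "__main__":
    # Genuine sign-in: the browser is on the RP's own origin.
    print(verify_client_data(make_client_data(EXPECTED_ORIGIN, CHALLENGE),
                             CHALLENGE, make_auth_data(RP_ID)))
    # AiTM case: the victim's browser is on the proxy's (constructed) domain, so that is what it records.
    print(verify_client_data(make_client_data("https://login.evil-proxy.test", CHALLENGE),
                             CHALLENGE, make_auth_data("login.evil-proxy.test")))
```

The proxied assertion fails on the origin check before the signature is ever considered, which is what makes a relayed FIDO2 login useless to the attacker even though the user completed it.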