A new age of fraud: building resilience against adversary-in-the-middle attacks
![Fraud stop](https://betanews.com/wp-content/uploads/2014/09/fraud-640x425.jpg)
From phishing scams to business email compromise, fraud is continually evolving and cybercriminals are using increasingly refined tactics to exploit weaknesses in both systems and people. Adversary-in-the-middle (AiTM) attacks are rapidly emerging as an advanced technique that poses both physical and digital risk across industries. In fact, recent research shows a 46 percent increase in AiTM attacks over 2023.
Staying ahead of these tactics is increasingly important as fraud becomes more complex. Before we delve into how to actively prevent fraud, we first need to explore the nature of AiTM attacks and then look at what is fueling this increase in fraudulent activity.
Adversary-in-the-Middle Attacks Capitalize on Vulnerabilities
AiTM fraud occurs when an attacker positions themselves between two parties, typically a user and the service they are talking to, and relays or alters the traffic in real time so that both sides believe they are communicating directly. From that position the attacker can manipulate data, steal information, or gain unauthorized access. These attacks exploit weaknesses in systems and in people.
Some of the most common methods to look out for include Address Resolution Protocol (ARP) poisoning, rogue or eavesdropped Wi-Fi, Domain Name System (DNS) spoofing, IP spoofing, session hijacking, and phishing. The network-level methods put the attacker on the path between a device and a service; phishing puts the attacker on the path by luring the victim to it. For example, a cybercriminal sends a phishing email with a link that directs the victim to a fake login page designed to look like a legitimate service, except that the fake page is a reverse proxy: it forwards whatever the victim types to the real service and returns the real service's responses. Rockstar 2FA, a phishing-as-a-service (PhaaS) toolkit aimed at Microsoft 365 accounts, illustrates how adversaries use automation and trusted platforms to scale this. In that pattern, the victim opens an attachment or link that leads to the phony sign-in page, enters their password, and completes the identity verification (MFA) prompt, which the proxy passes through to Microsoft; the attacker captures the session cookie the real service issues, which grants entry to the account without needing the password or MFA code again.
AiTM fraud has two distinct types: physical and digital adversary-in-the-middle attacks. In a physical attack, a real person sits between the account and the service: individuals are coerced into handing over access to their accounts, or knowingly lend their identities and accounts to the scheme. These attacks have escalated in the iGaming sector in the last year. Online gaming involves high-frequency transactions, particularly in poker and sports betting, and the rapid pace makes manual review of every transaction impractical, so automated fraud detection is a necessity. In a digital attack, the attacker relies on phishing, AI-generated messages, or malware to insert themselves into the session; a phishing attack is designed to trick an individual into revealing sensitive information or completing a login on the attacker's behalf.
As technology advances, we face the persistent challenge of increased fraudster sophistication, threatening businesses of all sizes.
Sectors Hit the Hardest by AiTM & Other Fraudulent Attacks
In an increasingly digital age, fraud operates without limitations. The impacts are far-reaching, spanning sectors, geographies, and demographics. AiTM attacks impact marketplaces, online gaming, financial services, and mobility/transportation. In the US specifically, AiTM fraud is increasingly targeting financial services and e-commerce.
Fraudsters employing this attack method will prey on the vulnerabilities of seniors, young adults, or others who may not be as technologically savvy. One-third of Gen X and consumers 55 and over reported seeing fraud last year. Consequences can be severe, ranging from financial loss to compromised user trust. Most online financial abuse such as this involves some form of social engineering. Criminals manipulate a target into revealing information or performing an action that results in the victim experiencing a financial loss.
Key Factors Accelerating the Surge in AiTM Fraud
In looking closely at the factors driving the alarming rate of AiTM fraud, we’ve determined four key factors that are accelerating the surge:
- AI is transforming the digital economy, and many fraudsters are now weaponizing it. Nearly 78 percent of U.S. decision-makers have seen an increase in the use of AI in fraudulent attacks over the past year. Deepfakes are especially effective against enterprises with disjointed and inconsistent identity management processes and poor cybersecurity.
- Businesses continue to expand their digital footprint. The widespread adoption of online banking and digital payments has created a fertile ground for fraud schemes and AI-driven attacks.
- Attackers are shifting their focus to the weakest link in the security chain: the user. As fraud detection technology improves, attackers move from breaking systems to manipulating the legitimate users of those systems, looking for new weaknesses in user behavior and in identity verification flows.
- Increased complexity of attacks. AiTM attacks have evolved to exploit weaknesses in authentication flows: because the attacker's proxy relays the whole login, including the one-time code or push approval, to the real service and captures the session token it issues, multi-factor authentication (MFA) based on codes or approvals is bypassed rather than broken. This sophistication makes the attacks more effective and harder to detect, since the service sees a fully authenticated session.
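As an added illustration of the bypass described in the factors above (this code is not from the original article and is not Veriff's tooling), the following Python script runs the check a defender wants over a handful of constructed authentication and application log lines: a session issued after a successful MFA login that is then presented from a different network and a different browser within the hour is the signature of a cookie captured by an AiTM proxy and replayed from the attacker's own machine. The log format, field names and the list of sensitive paths are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample log lines for this example (not from any real system).
# Assumed format: "<ISO-8601 UTC timestamp> <event> key=value ..." with
# double-quoted values permitted; "login" lines carry the MFA result and the
# session id that was issued, "request" lines carry the session id presented.
SAMPLE_LOG = """\
2024-11-04T09:12:01Z login user=alice ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/130" mfa=pass session=7f3a
2024-11-04T09:12:40Z request user=alice ip=203.0.113.10 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/130" session=7f3a path=/inbox
2024-11-04T09:14:30Z request user=alice ip=198.51.100.77 ua="Mozilla/5.0 (X11; Linux x86_64) Firefox/128" session=7f3a path=/settings/forwarding
2024-11-04T10:02:11Z login user=bob ip=192.0.2.25 ua="Mozilla/5.0 (Macintosh) Safari/17" mfa=pass session=c19e
2024-11-04T10:05:00Z request user=bob ip=192.0.2.25 ua="Mozilla/5.0 (Macintosh) Safari/17" session=c19e path=/inbox
2024-11-04T10:06:15Z request user=bob ip=192.0.2.30 ua="Mozilla/5.0 (Macintosh) Safari/17" session=c19e path=/inbox
"""

# Paths an attacker typically hits right after stealing a mailbox session
# (forwarding rules, bulk export). Hypothetical names chosen for this example.
SENSITIVE_PATHS = {"/settings/forwarding", "/mail/export"}

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Parse one log line into a dict; returns None for blank/malformed lines."""
    parts = line.strip().split(" ", 2)
    if len(parts) < 3:
        return None
    ts, event, rest = parts
    # re.findall yields '' for the alternative that did not match, so take whichever is set
    fields = {k: q or u for k, q, u in _KV.findall(rest)}
    fields["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    fields["event"] = event
    return fields


def same_network(ip_a, ip_b, prefix=24):
    """Treat addresses in the same /24 as one network (home NAT / CGNAT churn)."""
    return ip_address(ip_a) in ip_network(f"{ip_b}/{prefix}", strict=False)


def find_session_theft(log_text, window=timedelta(hours=1)):
    """Flag sessions minted by an MFA-backed login from one (ip, user-agent)
    and then presented from a different network AND a different user-agent
    within `window`. Requiring both signals keeps the rule quiet on mobile
    address changes while still catching a cookie captured by an AiTM proxy
    and replayed from the attacker's own browser."""
    logins = {}   # session id -> the login record that issued it
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["event"] == "login" and rec.get("mfa") == "pass":
            logins[rec["session"]] = rec
        elif rec["event"] == "request" and rec.get("session") in logins:
            origin = logins[rec["session"]]
            if rec["ts"] - origin["ts"] > window:
                continue
            ip_moved = not same_network(rec["ip"], origin["ip"])
            ua_moved = rec["ua"] != origin["ua"]
            if ip_moved and ua_moved:
                alerts.append({
                    "user": rec["user"],
                    "session": rec["session"],
                    "login_ip": origin["ip"],
                    "request_ip": rec["ip"],
                    "path": rec.get("path"),
                    # replayed session that immediately touches mail-forwarding or export is the BEC pattern
                    "severity": "high" if rec.get("path") in SENSITIVE_PATHS else "medium",
                })
    return alerts


if __name__ == "__main__":
    for a in find_session_theft(SAMPLE_LOG):
        print(f"[{a['severity']}] {a['user']} session {a['session']}: "
              f"issued to {a['login_ip']}, replayed from {a['request_ip']} on {a['path']}")
```

Run against the sample, the rule fires once, for alice: her session was issued to a Windows/Chrome client at 203.0.113.10 and presented two minutes later from 198.51.100.77 with a Linux/Firefox user agent, landing on the mail-forwarding settings. Bob's address change inside the same /24 with an unchanged browser is left alone. In production the response to a high-severity hit is to revoke the session token and the refresh tokens behind it, not merely to log it.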
Four Strategies to Thwart AiTM Fraud
To effectively combat AiTM fraud, businesses must adopt a comprehensive strategy that includes various defenses tailored to their specific needs. The evolving nature of fraud necessitates a multi-layered, data-driven approach that integrates various tools and techniques, like:
- Implement Certificate Pinning: Use certificate pinning in the apps and API clients you control so they accept only pre-approved certificates or public keys for your services, which blocks an attacker who has inserted themselves on the network path with a certificate they control (via ARP poisoning, DNS spoofing, or a rogue hotspot) from terminating the TLS connection. Note the limit of the technique: pinning protects traffic from software you ship, not a victim who follows a phishing link to a look-alike domain, where the browser makes a perfectly valid TLS connection to the attacker's own site. For that case the counterpart is phishing-resistant MFA (FIDO2/WebAuthn security keys or passkeys), whose credentials are bound to the genuine origin and cannot be relayed by the proxy.
- User Education and Awareness: Businesses should prioritize customer education as part of their fraud prevention strategy. This includes training employees and customers to recognize red flags, such as unexpected login requests or phishing emails, and encouraging best practices for online security, such as avoiding unverified Wi-Fi hotspots.
- Behavioral Analytics: Implement behavioral monitoring systems that analyze user behavior patterns. By establishing a baseline of normal activity, these systems can detect anomalies that may indicate fraudulent activity, allowing for timely intervention.
- Implement Account Lockout Mechanisms: Establish account lockout policies that temporarily disable accounts after a set number of failed login attempts. This deters credential-stuffing and brute-force automation and alerts administrators to the attempts. Two caveats apply. An AiTM login succeeds on the first attempt with the victim's own credentials and MFA, so lockout does not detect it and should be paired with session controls such as binding sessions to the device and revoking tokens when a session is replayed from elsewhere. Lockout thresholds can also be abused to lock legitimate users out, so prefer rate limiting and escalating delays over hard locks.
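To make the pinning strategy concrete, here is an added Python example (not from the original article and not Veriff code) that pins the server's public key rather than its whole certificate: it extracts SubjectPublicKeyInfo from a DER certificate, derives the base64(SHA-256) pin format used by HPKP and OkHttp, checks a live TLS connection against a pin set on top of normal chain validation, and includes a synthetic certificate builder so the extraction can be exercised offline. The synthetic certificate is constructed test data, not a trustworthy certificate, and `connect_pinned` is shown but not run here; host, port and pins are supplied by the caller.

```python
import base64
import hashlib
import socket
import ssl

# --- Minimal DER walking: just enough to find subjectPublicKeyInfo in an X.509 cert ---

def _der_read(buf, pos):
    """Read one DER TLV starting at pos. Returns (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo (header included) of a DER X.509
    certificate. Layout (RFC 5280): Certificate { tbsCertificate { [0] version?,
    serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ... },
    signatureAlgorithm, signatureValue }."""
    _, pos, _ = _der_read(cert_der, 0)             # step into Certificate
    _, pos, _ = _der_read(cert_der, pos)           # step into tbsCertificate
    tag, _, end = _der_read(cert_der, pos)
    if tag == 0xA0:                                # optional EXPLICIT [0] version
        pos = end
    for _ in range(5):                             # serial, sigAlg, issuer, validity, subject
        _, _, pos = _der_read(cert_der, pos)
    tag, _, end = _der_read(cert_der, pos)
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found where expected")
    return cert_der[pos:end]


def compute_pin(spki_der):
    """HPKP/OkHttp-style pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def pin_of_certificate(cert_der):
    return compute_pin(extract_spki(cert_der))


def verify_pins(cert_der, pins):
    """True if the certificate's public key matches one of the pinned values.
    Pinning the key rather than the certificate means routine re-issuance with
    the same key pair does not break clients; always ship at least one backup pin."""
    return pin_of_certificate(cert_der) in set(pins)


def connect_pinned(host, port, pins, timeout=10):
    """Open a TLS connection that passes normal chain and hostname validation AND
    whose leaf public key matches a pin. Pinning adds to chain validation, never
    replaces it. Not exercised offline."""
    ctx = ssl.create_default_context()             # CA validation + hostname check
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            leaf = tls.getpeercert(binary_form=True)
            if not verify_pins(leaf, pins):
                raise ssl.SSLError(f"pin mismatch for {host}: {pin_of_certificate(leaf)}")
            return tls.version()

# --- Synthetic certificate builder: exercises extract_spki without a real CA ---

def _der(tag, payload):
    """Encode one DER TLV (payloads up to 65535 bytes)."""
    n = len(payload)
    if n < 0x80:
        hdr = bytes([tag, n])
    elif n < 0x100:
        hdr = bytes([tag, 0x81, n])
    else:
        hdr = bytes([tag, 0x82, n >> 8, n & 0xFF])
    return hdr + payload


def synthetic_certificate(spki_payload, with_version=True):
    """Build an unsigned, structurally valid Certificate DER around the given SPKI
    payload. Constructed test data for this example, not a trustworthy certificate."""
    tbs = b""
    if with_version:
        tbs += _der(0xA0, _der(0x02, b"\x02"))     # version v3
    tbs += _der(0x02, b"\x01")                     # serialNumber
    tbs += _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b"))  # sha256WithRSAEncryption OID
    tbs += _der(0x30, b"")                         # issuer (empty Name placeholder)
    tbs += _der(0x30, b"")                         # validity (placeholder)
    tbs += _der(0x30, b"")                         # subject (empty Name placeholder)
    spki = _der(0x30, spki_payload)
    tbs += spki
    cert = _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))
    return cert, spki


if __name__ == "__main__":
    cert, spki = synthetic_certificate(b"\x00" * 300)
    pin = compute_pin(spki)
    print("pin:", pin, "matches:", verify_pins(cert, {pin}))
```

To produce the pin for a real server, the same value comes from the standard OpenSSL pipeline: `openssl s_client -connect host:443 </dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. Pin the leaf key plus a backup key held offline, or pin the issuing CA's key if you cannot control rotation of the leaf, and treat a pin failure as a hard stop rather than a warning, since a silently ignored mismatch is exactly the interception the control exists to catch.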
Fraud is changing fast, and businesses must remain vigilant and agile to counter evolving tactics and protect their end users. AiTM threats in particular pose challenges that traditional fraud detection measures struggle to address, because the attacker arrives with the victim's own credentials and a completed MFA step. Continuously monitoring evolving threats and staying informed is therefore imperative: the better you understand what you are up against, the better you can prepare. A proactive, multi-layered approach lets you detect and prevent fraud effectively, and the result is maintained customer trust and loyalty and a stronger business for the future.
Image Credit: Gustavo Frazao / Shutterstock
Iryna Bondar is a senior fraud group manager on the fraud operations team at Veriff. She puts her analytical, problem-solving, and communication skills to use, leading the Fraud team with a mission to stay one step ahead of fraudsters in the ever-evolving cybersecurity landscape. The team proactively identifies and mitigates potential vulnerabilities, working tirelessly to fortify the organization's defenses against fraudulent activities. Central to her role is the meticulous analysis of metadata gleaned from verification sessions, encompassing device and network information alongside user and document data. Leveraging sophisticated fraud detection mechanisms, Iryna and her team scrutinize this wealth of information to discern patterns indicative of suspicious activity, promptly devising and implementing preventative measures to safeguard against emerging threats.