THREAT FOCUS: MFA Isn’t Enough: The Rise of Adversary-in-the-Middle Attacks
Published: 12th May 2026
Multi-factor authentication has long been the headline control in any credible security posture. Enable it, and you’ve significantly reduced your exposure. For most commodity attacks, that remains true. But a rapidly maturing threat class is rendering standard MFA ineffective, not by breaking it, but by waiting for it to succeed.
Adversary-in-the-Middle (AiTM) attacks place a reverse proxy between the victim and a legitimate service such as Microsoft 365. The user receives a convincing phishing lure and lands on a look-alike domain, where the proxy serves the genuine login page fetched live from the real service, padlock included, because the attacker holds a valid certificate for the look-alike name. The user enters their credentials and completes the MFA challenge, and the proxy relays both. Everything feels normal because, technically, it is: the real service has authenticated the user successfully. What the victim cannot see is that every request and response passed through the attacker’s infrastructure. The session cookie the service issues at the point of successful authentication is captured in real time, and replaying it from the attacker’s own browser gives the adversary the same authenticated session, with no password to guess and no MFA prompt to defeat, for as long as that session remains valid.
From there, the clock starts immediately. CrowdStrike’s 2025 Global Threat Report recorded an average breakout time (the interval between initial access and the first lateral movement) of just 29 minutes, with the fastest observed intrusion moving laterally in 51 seconds. Post-compromise activity typically includes Business Email Compromise, silent mailbox monitoring through inbox rules that hide or forward messages, or further credential harvesting to establish persistence deeper in the environment.
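Detection logic for the post-compromise behaviour this paragraph describes, as an added Python example that is not from the original article or from any product: it first correlates a session being used from a different network shortly after the MFA sign-in that created it, then looks for inbox rules that forward, delete or hide mail, or that appear soon after a flagged session. The log records are constructed and only loosely modelled on Entra ID sign-in and Exchange Online audit entries; the field names, the ASN-and-country comparison and the 30-minute and 24-hour windows are assumptions for the example and would need mapping onto your own log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records, loosely modelled on Entra ID sign-in and Exchange Online audit
# entries; the field names are assumptions for this example, not a real schema.
SIGNINS = [
    {"ts": "2026-05-12T08:01:10Z", "user": "alice@example.com", "ip": "203.0.113.10", "asn": 64500,
     "country": "GB", "session": "s-1", "interactive": True, "mfa": True, "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    # 55 s later the same session is used from another network by a scripted client:
    {"ts": "2026-05-12T08:02:05Z", "user": "alice@example.com", "ip": "198.51.100.77", "asn": 64511,
     "country": "NL", "session": "s-1", "interactive": False, "mfa": False, "ua": "python-requests/2.31"},
    {"ts": "2026-05-12T08:03:00Z", "user": "alice@example.com", "ip": "203.0.113.10", "asn": 64500,
     "country": "GB", "session": "s-1", "interactive": False, "mfa": False, "ua": "Mozilla/5.0 (Windows NT 10.0)"},
    {"ts": "2026-05-12T09:00:00Z", "user": "bob@example.com", "ip": "203.0.113.20", "asn": 64500,
     "country": "GB", "session": "s-2", "interactive": True, "mfa": True, "ua": "Mozilla/5.0 (Macintosh)"},
    {"ts": "2026-05-12T09:20:00Z", "user": "bob@example.com", "ip": "203.0.113.20", "asn": 64500,
     "country": "GB", "session": "s-2", "interactive": False, "mfa": False, "ua": "Mozilla/5.0 (Macintosh)"},
]
AUDIT = [
    {"ts": "2026-05-12T08:06:30Z", "user": "alice@example.com", "op": "New-InboxRule",
     "params": {"Name": ".", "SubjectOrBodyContainsWords": "invoice;payment",
                "MoveToFolder": "RSS Subscriptions", "MarkAsRead": True}},
    {"ts": "2026-05-12T09:30:00Z", "user": "bob@example.com", "op": "New-InboxRule",
     "params": {"Name": "Newsletters", "MoveToFolder": "Reading"}},
]

# Rule parameters that forward, delete or hide mail; an assumed list for the example.
RISKY_RULE_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "DeleteMessage", "MarkAsRead"}


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_session_hijacks(signins, window=timedelta(minutes=30)):
    """Flag a session whose token is used from a different ASN or country than the
    MFA sign-in that created it, within `window` of that sign-in. Reuse from the
    same network is ignored, so the real user's own token refreshes pass."""
    by_session = defaultdict(list)
    for rec in signins:
        by_session[rec["session"]].append(rec)
    alerts = []
    for sid, recs in by_session.items():
        recs.sort(key=lambda r: parse_ts(r["ts"]))
        anchor = next((r for r in recs if r["interactive"] and r["mfa"]), None)
        if anchor is None:
            continue   # no MFA-backed interactive sign-in to compare against
        t0 = parse_ts(anchor["ts"])
        for rec in recs:
            elapsed = parse_ts(rec["ts"]) - t0
            moved = rec["asn"] != anchor["asn"] or rec["country"] != anchor["country"]
            if timedelta(0) < elapsed <= window and moved:
                alerts.append({"user": rec["user"], "session": sid, "mfa_ts": anchor["ts"],
                               "auth_ip": anchor["ip"], "use_ip": rec["ip"], "ua": rec["ua"],
                               "seconds_after_mfa": int(elapsed.total_seconds())})
    return alerts


def find_mailbox_persistence(audit, hijacks, window=timedelta(hours=24)):
    """Inbox rules that forward, delete or hide mail, plus any inbox rule created by a
    user within `window` of a flagged session: the usual BEC follow-on step."""
    hijacked_at = {a["user"]: parse_ts(a["mfa_ts"]) for a in hijacks}
    alerts = []
    for entry in audit:
        if entry["op"] not in {"New-InboxRule", "Set-InboxRule"}:
            continue
        risky = sorted(set(entry["params"]) & RISKY_RULE_PARAMS)
        hit = hijacked_at.get(entry["user"])
        after_hijack = hit is not None and timedelta(0) <= parse_ts(entry["ts"]) - hit <= window
        if risky or after_hijack:
            alerts.append({"user": entry["user"], "rule": entry["params"].get("Name"),
                           "risky_params": risky, "after_hijacked_session": after_hijack})
    return alerts


if __name__ == "__main__":
    hijacks = find_session_hijacks(SIGNINS)
    for alert in hijacks + find_mailbox_persistence(AUDIT, hijacks):
        print(alert)
```

On the constructed data the first function flags alice’s session s-1 only (used from a second network 55 seconds after MFA, by a scripted user agent) and leaves bob alone; the second flags alice’s single-character rule that marks matching mail read and files it away, both because of its parameters and because it follows a flagged session. Comparing ASN and country rather than raw IP is deliberate: mobile users change addresses constantly, but a session created on one carrier and used on another within minutes is the AiTM signature.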
What makes AiTM particularly attractive to criminals right now is accessibility. The Phishing-as-a-Service model has become industrialised: ready-made kits such as Tycoon 2FA and EvilProxy automate the proxying and session-harvesting work, so an operator needs little more than a lure and a domain, placing attacks of this sophistication within reach of low-skilled threat actors. The same CrowdStrike report documented a 442% increase in voice phishing between the first and second halves of 2024, reflecting a broader shift towards identity-focused intrusion that sidesteps technical controls by exploiting human trust rather than software flaws.
The UK Government’s Cyber Security Breaches Survey 2025/26 confirmed that phishing remains the most prevalent attack type, experienced by 38% of businesses in the past year. Yet only 47% of UK businesses have implemented MFA comprehensively across their cloud services, before even asking whether the MFA in place would survive the relay described above.
The good news is that the Cyber Essentials v3.3 update, effective April 2026, makes MFA a mandatory pass-or-fail requirement. Organisations that fail to implement MFA on cloud services where it is available will automatically fail the assessment, regardless of performance elsewhere. That is the right baseline, but it is only a baseline. Standard authenticator-app codes and push notifications remain vulnerable to AiTM, because the code, or the approval, is relayed just like the password. Phishing-resistant MFA, meaning FIDO2 security keys or passkeys, is the meaningful upgrade: the credential is bound to the origin it was registered for, the browser will not exercise it for a look-alike domain, and the signed response names the origin the browser actually saw, so the login never completes through the proxy and there is no session cookie to harvest. It protects the login, not a session token lifted afterwards from a compromised endpoint, so session lifetimes and re-authentication policies still matter. Layered with behavioural detection that watches what happens after authentication, such as a freshly issued session being used from a different network or client than the one that passed MFA, or the sudden appearance of inbox rules that hide or forward mail, it closes the gap that AiTM is built to exploit.
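The proxy relay described at the start of this piece and the origin binding just described, as an added Python model; it is not code from the article, from Tycoon 2FA or EvilProxy, or from any real authenticator. Everything is in memory and constructed: the two origins, the user, the one-time code and the device key are all assumptions, the authenticator’s signature is modelled with an HMAC in place of the asymmetric signature real WebAuthn uses, and the browser’s rpId rule is reduced to a suffix match. The proxy forwards each call unchanged and keeps any session cookie that comes back. With a one-time code it ends the login holding a valid session; with an origin-bound credential it does not, whether it passes the real rpId through (the browser refuses), rewrites the rpId to its own domain (no credential exists for it), or, in a deliberately unrealistic case with the browser check skipped, gets an assertion that the service rejects because its origin is wrong.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.example.com"    # constructed: the real service
PHISH_ORIGIN = "https://login.examp1e.com"   # constructed: the proxy's look-alike domain


def fido_sign(key: bytes, rp_id: str, client_data_json: str) -> bytes:
    """Stand-in for the WebAuthn assertion: the signed bytes cover sha256(rpId) and
    sha256(clientDataJSON), and clientDataJSON carries the origin the browser saw.
    An HMAC (assumption) replaces the authenticator's private-key signature."""
    msg = hashlib.sha256(rp_id.encode()).digest() + hashlib.sha256(client_data_json.encode()).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


class Service:
    """The legitimate identity provider: issues a session cookie once MFA passes."""

    def __init__(self):
        self.rp_id = urlparse(REAL_ORIGIN).hostname
        self.users, self.challenges, self.sessions = {}, {}, {}

    def login_otp(self, user, password, code):
        u = self.users[user]   # the code stands in for an authenticator-app code or push approval
        ok = password == u["password"] and hmac.compare_digest(code, u["otp"])
        return self._issue(user) if ok else None

    def fido_challenge(self, user):
        self.challenges[user] = secrets.token_hex(16)
        return {"challenge": self.challenges[user], "rpId": self.rp_id}

    def login_fido(self, user, client_data_json, signature):
        data = json.loads(client_data_json)
        if data["challenge"] != self.challenges.pop(user, None) or data["origin"] != REAL_ORIGIN:
            return None   # stale challenge, or an assertion made for some other origin
        expected = fido_sign(self.users[user]["fido"], self.rp_id, client_data_json)
        return self._issue(user) if hmac.compare_digest(expected, signature) else None

    def _issue(self, user):
        cookie = secrets.token_hex(16)   # the session cookie the proxy is after
        self.sessions[cookie] = user
        return cookie


class Proxy:
    """AiTM reverse proxy on PHISH_ORIGIN: relays calls unchanged, keeps any session cookie."""

    def __init__(self, upstream, rewrite_rp_id=False):
        self.upstream, self.rewrite_rp_id, self.harvested = upstream, rewrite_rp_id, []

    def __getattr__(self, name):   # login_otp / login_fido are forwarded as-is
        def relay(*args):
            cookie = getattr(self.upstream, name)(*args)
            if cookie:
                self.harvested.append(cookie)   # MFA already satisfied upstream
            return cookie
        return relay

    def fido_challenge(self, user):
        opts = self.upstream.fido_challenge(user)
        if self.rewrite_rp_id:   # try to satisfy the browser's rpId rule with the proxy's own domain
            opts["rpId"] = urlparse(PHISH_ORIGIN).hostname
        return opts


class Browser:
    """The victim's browser plus authenticator; talks to whichever origin it was lured to."""

    def __init__(self, user, fido_keys):
        self.user, self.fido_keys = user, fido_keys   # fido_keys: rpId -> credential key

    def submit_fido(self, site, origin, browser_check=True):
        opts = site.fido_challenge(self.user)
        host, rp_id = urlparse(origin).hostname, opts["rpId"]
        if browser_check and not (host == rp_id or host.endswith("." + rp_id)):
            return None   # browser rule: rpId must be the origin's host or a registrable suffix of it
        key = self.fido_keys.get(rp_id)
        if key is None:
            return None   # no credential was ever registered for that rpId
        client_data = json.dumps({"type": "webauthn.get", "challenge": opts["challenge"], "origin": origin})
        return site.login_fido(self.user, client_data, fido_sign(key, rp_id, client_data))


def run_scenarios():
    svc, key = Service(), b"constructed-device-key"
    svc.users["alice"] = {"password": "correct-horse", "otp": "492039", "fido": key}
    alice = Browser("alice", {svc.rp_id: key})
    proxy = Proxy(svc)
    proxy.login_otp("alice", "correct-horse", "492039")   # victim completes password + MFA on the look-alike page
    return {   # each attempt -> the user it ends up logged in as, or None
        "otp_via_proxy": svc.sessions.get(proxy.harvested[0]) if proxy.harvested else None,
        "fido_via_proxy": alice.submit_fido(Proxy(svc), PHISH_ORIGIN),
        "fido_via_proxy_rewritten_rpid": alice.submit_fido(Proxy(svc, rewrite_rp_id=True), PHISH_ORIGIN),
        "fido_via_proxy_no_browser_check": alice.submit_fido(Proxy(svc), PHISH_ORIGIN, browser_check=False),
        "fido_direct": svc.sessions.get(alice.submit_fido(svc, REAL_ORIGIN)),
    }
```

Calling run_scenarios() gives "alice" for the one-time-code relay and for the direct FIDO login, and None for every proxied FIDO attempt; in those cases proxy.harvested stays empty, which is the whole point. Note that the proxy never has to break anything in the OTP case: it simply forwards a login that genuinely succeeds and keeps the cookie the real service hands back.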
