Microsoft warns of an increase in attacks with adversary-in-the-middle (AiTM) phishing techniques, such as those deployed by Storm-1295 and other actors.
These techniques rely on stealing session cookies instead of a signed-in page like traditional phishing.
For example, attackers may use a technique called cirumventing MFA to gain access to a web page.
Unlike typical phishing attacks, incident response procedures for AiTM do not require the revocation of stolen session cookies.
The company also warns that malicious actors are increasingly using these techniques to attack businesses using its PhaaS platform.
It takes advantage of the fact that companies often provide their own services as a service rather than hosting their own servers.