As soon as inside, attackers can add new authentication strategies to bypass these already in place, typically with the purpose of constructing a rule to divert sure mail in order that the consumer or proprietor of the mailbox doesn’t see it being despatched.
Stopping AiTM assaults requires a mixture of strategies
To stop AiTM assaults, Microsoft recommends utilizing security defaults as a baseline set of insurance policies to enhance identification security posture. For extra granular management, you’ll wish to allow conditional entry insurance policies; implementing risk-based entry insurance policies is especially useful.
“Conditional entry insurance policies consider sign-in requests utilizing extra identity-driven alerts like consumer or group membership, IP location data, and gadget standing, amongst others, and are enforced for suspicious sign-ins,” in response to Microsoft.