Adversary-in-the-Middle (AiTM)
• The phishing site acts as a man-in-the-middle and attempts to log in to the legitimate service
• Password + SMS/Email OTP
• Password + authenticator app
• If the attempt succeeds, the login session itself (Cookie/Token) can be obtained
Source: From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud - Microsoft Security Blog
https://xn--microsoft-921o9813a.com/en-us/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
Slide 18
How Adversary-in-the-Middle (AiTM) works
example.com
example.net
Slide 19
How Adversary-in-the-Middle (AiTM) works
Sends the password to the legitimate service
example.com
example.net
Slide 20
How Adversary-in-the-Middle (AiTM) works
Sends the password to the legitimate service
Displays the TOTP/SMS OTP input screen
example.com
example.net
Slide 21
How Adversary-in-the-Middle (AiTM) works
Sends the password to the legitimate service
Displays the TOTP/SMS OTP input screen
Sends the TOTP/SMS OTP to the legitimate service
example.com
example.net
Slide 22
How Adversary-in-the-Middle (AiTM) works
Sends the password to the legitimate service
Displays the TOTP/SMS OTP input screen
Sends the TOTP/SMS OTP to the legitimate service
The login session can be obtained
example.com
example.net
Slide 24
Countermeasure using a password manager
The password for the legitimate service is not offered on the phishing service
example.com
example.net
Slide 25
Countermeasure using WebOTP
Sends the password to the legitimate service
Displays the TOTP/SMS OTP input screen
The OTP is not auto-filled on the phishing service
example.com
example.net
Slide 29
Phishing resistance of FIDO
Sends the password to the legitimate service
Requests additional authentication with FIDO
example.net example.com
Slide 30
Phishing resistance of FIDO
Sends the password to the legitimate service
Requests additional authentication with FIDO
example.net
The legitimate service's credentials are not sent to the phishing site
example.com
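The FIDO slides rest on origin binding: an assertion produced on the phishing origin carries that origin and its RP ID hash, so the legitimate service rejects it. The following is an added example, not taken from the slides, showing the relying-party side of that check on constructed WebAuthn data. It assumes example.com is the legitimate service and example.net the phishing site (the slides do not say which is which); the function names are hypothetical and signature verification is out of scope.

```python
import base64
import hashlib
import json
import struct

# Assumption (not stated on the slides): example.com is the legitimate
# service and example.net is the AiTM phishing site.
RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample data: the clientDataJSON and authenticatorData a
    browser and authenticator would emit for a page at `origin`."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData = rpIdHash(32) | flags(1, 0x01 = user present) | signCount(4)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x01, 1)
    return client_data, auth_data

def verify_binding(client_data: bytes, auth_data: bytes, expected_challenge: bytes):
    """Return the list of failed checks; an empty list means the binding holds.
    Verifying the signature over authData || SHA-256(clientDataJSON) is a
    separate step that is not shown here."""
    failures = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        failures.append("type")
    if cd.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    if cd.get("origin") not in ALLOWED_ORIGINS:
        failures.append("origin")
    if len(auth_data) < 37:
        return failures + ["authData length"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rpIdHash")
    if not auth_data[32] & 0x01:
        failures.append("user presence")
    return failures

if __name__ == "__main__":
    chal = b"constructed-challenge-0001"
    for site in ("example.com", "example.net"):
        data = make_assertion("https://" + site, site, chal)
        print(site, verify_binding(*data, chal))
```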