Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale: A Practical Playbook for Blue Teams in Resource-Constrained Environments

Authors

  • Emma Davis, State University

Keywords:

cybersecurity, phishing, MFA fatigue, adversary-in-the-middle, detection engineering, identity telemetry, SIEM, blue team, incident response

Abstract

This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.
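As an added illustration, not the paper's own pipeline or its published query patterns, the two identity-telemetry signals named above (push-frequency anomalies and impossible travel) as toy detectors run over a constructed sample of identity-provider events; the event layout, thresholds and sample data are assumptions, not values from the study:

```python
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample IdP telemetry, not real data: (ts, user, event, lat, lon).
T0 = datetime(2025, 6, 1, 8, 0)
M = lambda n: T0 + timedelta(minutes=n)
LON, SYD, PAR = (51.5074, -0.1278), (-33.8688, 151.2093), (48.8566, 2.3522)
EVENTS = (
    # alice: six prompts in six minutes, denied until she finally approves
    [(M(i), "alice", "push_sent", *LON) for i in range(6)]
    + [(M(i), "alice", "push_denied", *LON) for i in range(5)]
    + [(M(6), "alice", "push_approved", *LON)]
    # bob: successful sign-ins from London and Sydney one hour apart
    + [(M(0), "bob", "signin_ok", *LON), (M(60), "bob", "signin_ok", *SYD)]
    # carol: one ordinary prompt, then London -> Paris three hours later
    + [(M(0), "carol", "push_sent", *LON), (M(1), "carol", "push_approved", *LON),
       (M(1), "carol", "signin_ok", *LON), (M(181), "carol", "signin_ok", *PAR)]
)
FATIGUE_WINDOW, FATIGUE_MIN_PUSHES, MAX_SPEED_KMH = timedelta(minutes=10), 5, 900  # assumed thresholds

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    h = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def detect_mfa_fatigue(events, window=FATIGUE_WINDOW, min_pushes=FATIGUE_MIN_PUSHES):
    """An approval preceded by >= min_pushes prompts inside the window is the
    prompt-bombing signature: the user accepts to make the noise stop."""
    alerts = []
    for ts, user, ev, _, _ in events:
        if ev != "push_approved":
            continue
        n = sum(1 for t, u, e, _, _ in events
                if u == user and e == "push_sent" and ts - window <= t <= ts)
        if n >= min_pushes:
            alerts.append((user, ts, n))
    return alerts

def detect_impossible_travel(events, max_kmh=MAX_SPEED_KMH):
    """Consecutive successful sign-ins whose implied speed is not plausible;
    a zero time gap with a real distance is flagged as well."""
    alerts, by_user = [], {}
    for rec in sorted(e for e in events if e[2] == "signin_ok"):
        by_user.setdefault(rec[1], []).append(rec)
    for user, recs in by_user.items():
        for (t1, _, _, la1, lo1), (t2, _, _, la2, lo2) in zip(recs, recs[1:]):
            km, hours = haversine_km(la1, lo1, la2, lo2), (t2 - t1).total_seconds() / 3600
            if km > 1.0 and (hours == 0 or km / hours > max_kmh):
                alerts.append((user, t2, round(km), round(km / hours) if hours else None))
    return alerts
```

In a SIEM the same logic becomes a per-user count of push events over a sliding window joined to the approval event, and a lag/lead comparison over successful sign-ins whose source IPs have been geo-enriched; the noisy-baseline failure mode the abstract mentions shows up as VPN egress points that make ordinary users look like they teleport.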

Published

2026-01-01

How to Cite

Davis, E. (2026). Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale: A Practical Playbook for Blue Teams in Resource-Constrained Environments. Proceeding of International Conference on Multidisciplinary Research, 3(1). Retrieved from https://proceedingkptcn.com/index.php/icmr/article/view/94