This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Denbigh-White, C. 2023 Verizon Data Breach Investigations Report: 7 Takeaways. Next DLP, 2024. https://www.nextdlp.com/resources/blog/seven-takeaways-from-2023-verizon-data-breach-investigations-report
Ventura, J. Takeaways from the Verizon 2023 Data Breach Investigations Report. ThreatX, 2023. https://www.threatx.com/blog/takeaways-from-the-verizon-2023-data-breach-investigations-report/
Bejamas. What Are AITM Attacks and How to Protect Against Them. Descope, 2024. https://www.descope.com/learn/post/aitm-attack
Brawner, M., K. Wojcieszek, G. Glass, R. Hicks. Rise in MFA Bypass Leads to Account Compromise. Kroll, 2023. https://www.kroll.com/en/insights/publications/cyber/mfa-bypass-leads-to-account-compromise
Trivedi, A. Identifying Adversary-in-the-Middle (AiTM) Phishing Attacks through 3rd-Party Network Detection, 2023. https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/identifying-adversary-in-the-middle-aitm-phishing-attacks/ba-p/3991358
Microsoft Threat Intelligence. Detecting and Mitigating a Multi-Stage AiTM Phishing and BEC Campaign. Microsoft Security Blog, 2023. https://www.microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/
APWG. Phishing Activity Trends Report, 2024. https://docs.apwg.org/reports/apwg_trends_report_q4_2023.pdf
Alkhalil, Z., C. Hewage, L. Nawaf, I. Khan. Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. – Front. Comput. Sci., Vol. 3, March 2021. DOI: 10.3389/fcomp.2021.563060.
Arctic Wolf. History of Cybercrime. Arctic Wolf, 2024. https://arcticwolf.com/resources/blog/decade-of-cybercrime/
Microsoft Threat Intelligence. Microsoft Digital Defense Report 2023 (MDDR), 2023. https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
Naqvi, B., K. Perova, A. Farooq, I. Makhdoom, S. Oyedeji, J. Porras. Mitigation Strategies against the Phishing Attacks: A Systematic Literature Review. – Computers & Security, Vol. 132, 2023, 103387. DOI: 10.1016/j.cose.2023.103387.
IBM. Cost of a Data Breach 2024 | IBM. Cost of a Data Breach Report, 2024. https://www.ibm.com/reports/data-breach
Desolda, G., L. Ferro, A. Marrella, M. Costabile, T. Catarci. Human Factors in Phishing Attacks: A Systematic Literature Review. – ACM Computing Surveys, Vol. 54, 2022, No 35. DOI: 10.1145/3469886.
Birgisson, A., D. K. Smetters. So Long Passwords, Thanks for all the Phish. Google Online Security Blog, 2023. https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html
Proofpoint. 2024 State of the Phish Report: Phishing Statistics & Trends | Proofpoint US. Proofpoint, 2024. https://www.proofpoint.com/us/resources/threat-reports/state-of-phish
NIST. NIST Special Publication 800-63B. Digital Identity Guidelines Authentication and Lifecycle Management, 2017. https://pages.nist.gov/sp800-63b.html
Mandiant. M-Trends 2023 Special Report. Mandiant, 2023. https://www.mandiant.com/resources/reports/m-trends-2023-special-report
MITRE. Modify Authentication Process, Technique T1556 – Enterprise | MITRE ATT&CK®. The MITRE Corporation, 2023. https://attack.mitre.org/techniques/T1556/
Mohapatra, H., S. Rath, S. Panda, R. Kumar. Handling of Man-In-The-Middle Attack in WSN. – Intrusion Detection System, Vol. 8, May 2020, pp. 1503-1510.
Amft, S., S. Höltervennhoff, N. Huaman, A. Krause, L. Simko, Y. Acar, S. Fahl. “We’ve Disabled MFA for You”: An Evaluation of the Security and Usability of Multi-Factor Authentication Recovery Deployments. – In: Proc. of 2023 ACM SIGSAC Conference on Computer and Communications Security (CCS ’23), 21 November 2023. Association for Computing Machinery, New York, NY, USA, 2023, pp. 3138-3152. DOI: 10.1145/3576915.3623180.
Gavazzi, A., R. Williams, E. Kirda, L. Lu, A. King, A. Davis, T. Leek. A Study of Multi-Factor and Risk-Based Authentication Availability. 2023, pp. 2043-2060. https://www.usenix.org/conference/usenixsecurity23/presentation/gavazzi
Rajendran, H. H. Enhance MITM Attack Detection with Response Time in Secure Web Communication. Masters. Dublin, National College of Ireland, 2022. https://norma.ncirl.ie/6540/
Chavoshi, H. R., A. H. Salasi, O. Payam, H. Khaloozadeh. Man-in-the-Middle Attack Against a Network Control System: Practical Implementation and Detection. – In: Proc. of 64th IEEE International Scientific Conference on Information Technology and Management Science of Riga Technical University (ITMS), October 2023, pp. 1-6. DOI: 10.1109/ITMS59786.2023.10317671.
Cekerevac, Z., P. Cekerevac, L. Prigoda, F. Al-Naima. Security Risks from the Modern Man-in-the-Middle Attacks.
OWASP. OWASP Top 10, 2023: A10 Browser-in-the-Browser Attacks. Open Web Application Security Project, 2023. https://owasp.org/www-project-top-ten/
Rescorla, E. Security Considerations for WebRTC. – Internet Engineering Task Force, 2021. DOI: 10.17487/RFC8826.
Perception Point. What Is a Browser-in-the-Browser (BitB) Attack? Perception Point, 2024. https://perception-point.io/guides/phishing/what-is-a-browser-in-the-browser-bitb-attack/
Mozilla. Web Security Guidelines: Pop-up Authentication Windows. Mozilla Web Security, 2024. https://infosec.mozilla.org/guidelines/web_security
FBI. Internet Crime Report 2023. Federal Bureau of Investigation. https://www.fbi.gov/contact-us/field-offices/sanfrancisco/news/fbi-releases-internet-crime-report
FS-ISAC. Global Intelligence Office Report: BiTB Attacks in Financial Services, 2024. https://www.fsisac.com/newsroom/fsisac-report-finds-global-cyberthreats-accelerate-as-cybercriminals-and-nation-state-actors-converge-and-collaborate
Alsaffar, M., S. Aljaloud, B. A. Mohammed, Z. G. Al-Mekhlafi, T. S. Almurayziq, G. Alshammari, A. Alshammari. Detection of Web Cross-Site Scripting (XSS) Attacks. – Electronics, Vol. 11, January 2022, No 14, 2212. DOI: 10.3390/electronics11142212.
Kusumo, W., A. Erlangga, M. R. Ramadhan. Potential Security Issues in Implementing IaaS and PaaS Cloud Service Models.
Europol. Internet Organised Crime Threat Assessment (IOCTA) 2023. Europol, 2024. https://www.europol.europa.eu/publication-events/main-reports/internet-organised-crime-threat-assessment-iocta-2023
SWIFT. Swift Customer Security Controls Framework. Society for Worldwide Interbank Financial Telecommunication, 2024. https://www.swift.com/myswift/customer-security-programme-csp/security-controls
FinCEN. Financial Trend Analysis: Cybercrime and Cyber-Enabled Crime Against Financial Institutions. Financial Crimes Enforcement Network, 2024. https://www.fincen.gov/resources/financial-trend-analyses
HHS. Healthcare Cybersecurity Report: Rising Threats in Medical Systems, 2023. https://www.hhs.gov/about/news/2023/04/17/hhs-cybersecurity-task-force-provides-new-resources-help-address-rising-threat-cyberattacks-health-public-health-sector.html
OCR. HIPAA Security Rule Compliance Guide, 2009. https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
CISA. Federal Civilian Executive Branch Agency Cybersecurity Incident and Vulnerability Response Playbooks, 2024. https://www.cisa.gov/resources-tools/resources/federal-government-cybersecurity-incident-and-vulnerability-response-playbooks
O’Brien, J. Higher Education Information Security Council Report: Phishing in Academia. EDUCAUSE Review, 2020. https://er.educause.edu/articles/2020/5/digital-ethics-in-higher-education-2020
Gartner. Market Guide for Zero Trust Network Access. Gartner, 2023. https://www.gartner.com/en/documents/4632099
Google. Safe Browsing: Protecting Web Users for 15 Years and Counting. Google Security Blog, 2023, 2024. https://www.googblogs.com/category/online-security-blog/page/3/
FIDO Alliance. FIDO2: Web Authentication (WebAuthn). FIDO Technical Specifications, 2023. https://fidoalliance.org/specs/fido-v2.2-rd-20230321/fido-client-to-authenticator-protocol-v2.2-rd-20230321.html
BeEFProject. BeEF – The Browser Exploitation Framework Project. https://beefproject.com/
OWASP. Cross Site Scripting (XSS) | OWASP Foundation. https://owasp.org/www-community/attacks/xss/
Gillis, A. S. What is a Man-in-the-Browser Attack? Security. https://www.techtarget.com/searchsecurity/definition/man-in-the-browser