Why MFA is getting easier to bypass and what to do about it

These sorts of adversary-in-the-middle attacks have grown increasingly common. In 2022, for instance, a single group used the technique in a series of attacks that stole more than 10,000 credentials from 137 organizations and led to the network compromise of authentication provider Twilio, among others.

One company that was targeted in the attack campaign but wasn’t breached was content delivery network Cloudflare. The reason was its use of MFA based on WebAuthn, the standard that makes passkeys work. Services that use WebAuthn are highly resistant to adversary-in-the-middle attacks, if not absolutely immune. There are two reasons for this.

First, WebAuthn credentials are cryptographically bound to the URL they authenticate. In

→ Continue reading at Ars Technica
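
The URL binding described above comes down to checks like the following on the relying party's server. This is an added example, not code from the article or from Cloudflare; the domains, challenge and function names are constructed for illustration, and verification of the authenticator's signature over the same data is assumed to happen separately.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json: bytes, authenticator_data: bytes, *,
                  expected_origin: str, rp_id: str, expected_challenge: bytes) -> list:
    """Return the names of failed binding checks (empty list = all passed)."""
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    # The challenge ties the assertion to this login attempt.
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The browser, not the page, writes the origin the user is actually on.
    if client_data.get("origin") != expected_origin:
        failures.append("origin")
    # authenticatorData starts with SHA-256(RP ID), then flags and signCount.
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    if len(authenticator_data) < 37 or authenticator_data[:32] != rp_id_hash:
        failures.append("rpIdHash")
    return failures

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator would emit."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # rpIdHash (32 bytes) | flags 0x05 = user present + verified | signCount
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (7).to_bytes(4, "big")
    return client_data, auth_data

# Constructed relying-party settings (assumptions, not from the article).
RP_ID = "example.com"
ORIGIN = "https://login.example.com"
CHALLENGE = bytes(range(32))

def evaluate(origin: str, rp_id: str, challenge: bytes = CHALLENGE) -> list:
    cdj, auth = sample_assertion(origin, rp_id, challenge)
    return check_binding(cdj, auth, expected_origin=ORIGIN, rp_id=RP_ID,
                         expected_challenge=CHALLENGE)

if __name__ == "__main__":
    print("genuine site:   ", evaluate(ORIGIN, RP_ID))
    print("look-alike site:", evaluate("https://login.example.com.proxy.test", "proxy.test"))
```

An assertion produced while the user is on a look-alike domain carries that domain in both fields, so it fails the `origin` and `rpIdHash` checks even when the challenge was relayed correctly.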
