Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale

A Practical Playbook for Blue Teams in Resource-Constrained Environments

Michelle Mitchell, Global University
Keywords: cybersecurity, phishing, MFA fatigue, adversary-in-the-middle, detection engineering, identity telemetry, SIEM, blue team, incident response

Abstract

This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.
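The abstract names two identity-telemetry detections, push-frequency anomalies and impossible travel, without showing what the underlying logic looks like. The following is an added example written for this page, not code from the paper or its published query patterns: it implements both detections in plain Python over a small set of constructed sign-in and MFA-push events. The event schema (`ts`, `user`, `kind`, `result`, `lat`, `lon`), the thresholds (5 pushes in 10 minutes, 900 km/h, 50 km jitter floor) and the sample data are all assumptions chosen for illustration; a real deployment would read the equivalent fields from the identity provider's sign-in and MFA logs and tune the thresholds against its own baseline, which is the "noisy travel baselines" failure mode the abstract warns about.

```python
"""Added example (not from the paper): two identity-telemetry detections,
MFA push fatigue and impossible travel, run over constructed sample events.
The event schema and thresholds are assumptions, not a vendor log format."""
import math
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in UTC; not real telemetry.
EVENTS = [
    # alice: six push prompts in eight minutes, five denied, then one approved
    {"ts": "2026-01-06T08:00:00", "user": "alice", "kind": "mfa_push", "result": "denied", "lat": 51.5, "lon": -0.1},
    {"ts": "2026-01-06T08:01:00", "user": "alice", "kind": "mfa_push", "result": "denied", "lat": 51.5, "lon": -0.1},
    {"ts": "2026-01-06T08:02:00", "user": "alice", "kind": "mfa_push", "result": "denied", "lat": 51.5, "lon": -0.1},
    {"ts": "2026-01-06T08:04:00", "user": "alice", "kind": "mfa_push", "result": "denied", "lat": 51.5, "lon": -0.1},
    {"ts": "2026-01-06T08:06:00", "user": "alice", "kind": "mfa_push", "result": "denied", "lat": 51.5, "lon": -0.1},
    {"ts": "2026-01-06T08:08:00", "user": "alice", "kind": "mfa_push", "result": "approved", "lat": 51.5, "lon": -0.1},
    # dave: two ordinary approved pushes, should not alert
    {"ts": "2026-01-06T08:00:00", "user": "dave", "kind": "mfa_push", "result": "approved", "lat": 48.9, "lon": 2.3},
    {"ts": "2026-01-06T13:00:00", "user": "dave", "kind": "mfa_push", "result": "approved", "lat": 48.9, "lon": 2.3},
    # bob: London sign-in, then a Sydney sign-in one hour later (impossible)
    {"ts": "2026-01-06T09:00:00", "user": "bob", "kind": "signin", "result": "success", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2026-01-06T10:00:00", "user": "bob", "kind": "signin", "result": "success", "lat": -33.8688, "lon": 151.2093},
    # carol: London then Manchester three hours later (plausible train trip)
    {"ts": "2026-01-06T09:00:00", "user": "carol", "kind": "signin", "result": "success", "lat": 51.5074, "lon": -0.1278},
    {"ts": "2026-01-06T12:00:00", "user": "carol", "kind": "signin", "result": "success", "lat": 53.4808, "lon": -2.2426},
]

EARTH_RADIUS_KM = 6371.0


def _parse(ts):
    return datetime.fromisoformat(ts)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def detect_push_fatigue(events, window=timedelta(minutes=10), min_pushes=5):
    """Flag a burst of push prompts to one user inside `window`.
    The strongest signal is an approval that follows a run of denials,
    so the alert records whether that happened."""
    pushes = defaultdict(list)
    for e in events:
        if e["kind"] == "mfa_push":
            pushes[e["user"]].append(e)
    alerts = []
    for user, evs in pushes.items():
        evs.sort(key=lambda e: _parse(e["ts"]))
        for i, first in enumerate(evs):
            t0 = _parse(first["ts"])
            burst = [e for e in evs[i:] if _parse(e["ts"]) - t0 <= window]
            if len(burst) < min_pushes:
                continue
            denied = sum(1 for e in burst if e["result"] == "denied")
            seen_denied, approved_after = False, False
            for e in burst:
                if e["result"] == "denied":
                    seen_denied = True
                elif e["result"] == "approved" and seen_denied:
                    approved_after = True
            alerts.append({"user": user, "window_start": first["ts"], "pushes": len(burst),
                           "denied": denied, "approved_after_denials": approved_after})
            break  # one alert per user is enough for triage
    return alerts


def detect_impossible_travel(events, max_kmh=900.0, min_km=50.0):
    """Flag consecutive successful sign-ins whose implied speed exceeds `max_kmh`.
    Pairs closer than `min_km` are ignored to absorb GeoIP jitter; known VPN
    egress locations would be allowlisted upstream for the same reason."""
    signins = defaultdict(list)
    for e in events:
        if e["kind"] == "signin" and e["result"] == "success":
            signins[e["user"]].append(e)
    alerts = []
    for user, evs in signins.items():
        evs.sort(key=lambda e: _parse(e["ts"]))
        for prev, cur in zip(evs, evs[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if km < min_km:
                continue
            hours = (_parse(cur["ts"]) - _parse(prev["ts"])).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                alerts.append({"user": user, "from_ts": prev["ts"], "to_ts": cur["ts"],
                               "km": round(km, 1), "kmh": round(kmh, 1)})
    return alerts


if __name__ == "__main__":
    for a in detect_push_fatigue(EVENTS) + detect_impossible_travel(EVENTS):
        print(a)
```

On the constructed data this reports one push-fatigue alert for `alice` (six prompts, five denied, approval after denials) and one impossible-travel alert for `bob`; `dave` and `carol` stay quiet. The jitter floor and the per-user single alert are the two knobs most worth revisiting when the travel baseline turns out to be noisy.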

Published: 2026-01-06
How to Cite
Mitchell, M. (2026). Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale: A Practical Playbook for Blue Teams in Resource-Constrained Environments. INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND TECHNOLOGY, 9(1). Retrieved from https://ijcst.com.pk/index.php/IJCST/article/view/507