Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as:
147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft).
Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).
But session hijacking isn’t a new technique – so