Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as:

147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). 
Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).

But session hijacking isn’t a new technique – so

Attackers are increasingly turning to session hijacking to get around widespread MFA adoption. The data supports this, as:

147,000 token replay attacks were detected by Microsoft in 2023, a 111% increase year-over-year (Microsoft). 
Attacks on session cookies now happen in the same order of magnitude as password-based attacks (Google).

But session hijacking isn’t a new technique – so