https://aes-journal.com/index.php/ais-tes <p>The objective of the online journal 'AIS Transaction on Enterprise Systems' (AIS-TES) is to connect researchers, practitioners and students in the field of enterprise systems to one innovative community and promote and encourage knowledge exchange. Scientists from all over the world can publish their articles and stay in dialogue with colleagues and industry. It also aims at discovering and defining new directions of research and topics. AIS Transaction on Enterprise Systems is an international open access online journal with an issue appearing every six months. Contributions addressing any topic regarding enterprise systems are welcome. AIS Transaction on Enterprise Systems publishes original papers, case studies and reviews. Submitted articles must not have been previously published or currently submitted for journal publication elsewhere. This journal is released in association with the <span id="ctl00_PageContent_lblProductName"><a href="https://aisnet.org/page/AISSIGs#collapseSixteen">SIG Enterprise-level Information Systems (SIG ENTSYS)</a> </span>of the <a href="https://aisnet.org/" target="_blank" rel="noopener">Association for Information Systems</a></p> Gito mbH Verlag für Industrielle Informationstechnik und Organisation en-US AIS Transactions on Enterprise Systems 1867-7134 https://aes-journal.com/index.php/ais-tes/article/view/55 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Maria Young Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/54 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> John Adams Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/53 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> James Moore Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/51 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Karen Rivera Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/50 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Brenda Diaz Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/49 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Ryan Phillips Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/47 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Dorothy Lee Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/45 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Sarah Thomas Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/44 <p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p> Maria Adams Copyright (c) https://aes-journal.com/index.php/ais-tes/article/view/35 <div><span lang="EN-US">The Metaverse is increasingly discussed as a potential paradigm shift in how public organizations deliver services, collaborate, and engage with citizens. Yet, scholarly understanding of what the Metaverse entails for the public sector remains conceptually fragmented and empirically underdeveloped. This study aims to shape the foundational understanding of Metaverse usage in the public sector by exploring how organizational actors interpret, contextualize, and anticipate its implications and potentials. Drawing on a qualitative interview study at the German Federal Employment Agency with 10 persons (e.g., agency executives, IT specialists, and department managers), the research examines emerging activities and ideas surrounding the Metaverse in the Agency, focusing on a Content and Technology perspective. </span>The analysis identifies different patterns of interpretation among the individuals involved, ranging from technological experimentation to questions of strategic transformation, thus illustrating the coexistence of visionary potential and institutional skepticism.</div> <div><span lang="EN-US"> By conceptualizing these frames, the study advances basic research on the Metaverse in the public sector and contributes to theory-building on digital transformation, organizational innovation, and socio-technical change in public sector organizations.</span></div> Malte Teichmann Andre Schwan Georg David Ritterbusch Virginie Lettkemann Eldar Sultanow Alina Chircu Copyright (c)