AIS Transactions on Enterprise Systems
https://aes-journal.com/index.php/ais-tes
<p>The objective of the online journal 'AIS Transactions on Enterprise Systems' (AIS-TES) is to connect researchers, practitioners and students in the field of enterprise systems into one innovative community and to promote and encourage knowledge exchange. Scientists from all over the world can publish their articles and stay in dialogue with colleagues and industry. It also aims at discovering and defining new directions of research and topics. AIS Transactions on Enterprise Systems is an international open access online journal with an issue appearing every six months. Contributions addressing any topic regarding enterprise systems are welcome. AIS Transactions on Enterprise Systems publishes original papers, case studies and reviews. Submitted articles must not have been previously published or currently submitted for journal publication elsewhere. This journal is released in association with the <span id="ctl00_PageContent_lblProductName"><a href="https://aisnet.org/page/AISSIGs#collapseSixteen">SIG Enterprise-level Information Systems (SIG ENTSYS)</a></span> of the <a href="https://aisnet.org/" target="_blank" rel="noopener">Association for Information Systems</a>.</p>
Gito mbH Verlag für Industrielle Informationstechnik und Organisation
en-US
AIS Transactions on Enterprise Systems
1867-7134
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/57
<p>This study proposes a defender-centric strategy to detect and contain two fast-rising attack patterns—MFA fatigue and Adversary-in-the-Middle (AiTM)—without relying on expensive tooling. We introduce a lightweight pipeline that fuses identity telemetry (push frequency anomalies, impossible travel), web gateway indicators (suspicious reverse-proxy domains), and endpoint signals (token theft heuristics) into actionable detections. Evaluated across 15 small-to-medium organizations, the approach reduced median time-to-detect by 63% and cut successful account takeovers by 41% over eight weeks. We document failure modes (e.g., noisy travel baselines), provide hardening tips (phishing-resistant MFA, conditional access, token binding), and publish query patterns that can be adapted to common SIEM/XDR platforms. The results indicate that defenders can meaningfully blunt modern phishing and session-hijacking campaigns with modest engineering effort and targeted telemetry enrichment.</p>
Paul Hernandez
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/56
Lisa Jones
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/55
Maria Young
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/54
John Adams
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/53
James Moore
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/51
Karen Rivera
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/50
Brenda Diaz
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/49
Ryan Phillips
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/47
Dorothy Lee
Beyond Phishing: Detecting MFA Fatigue and Adversary-in-the-Middle at Scale
https://aes-journal.com/index.php/ais-tes/article/view/45
Sarah Thomas