Email security, Vulnerability Management

Microsoft: Widespread MFA-evading phishing attacks trigger BEC attacks

More than 10,000 organizations have been targeted since last September by a large-scale phishing campaign that bypasses multi-factor authentication and leads to follow-on business email compromise (BEC) attacks, according to BleepingComputer. Attackers set up landing pages impersonating the Office 365 online sign-in page to sidestep the MFA process, and some targets were observed being redirected to those pages through HTML attachments in phishing emails, Microsoft said. Stolen credentials and session cookies were then used to access victims' mailboxes and run BEC attacks against other users. Microsoft noted that the phishing sites acted as reverse proxies, with the phishing page serving as a man-in-the-middle agent that relays and captures the authentication exchange. In response, Microsoft recommends "phish-resistant" MFA through certificate-based authentication and Fast ID Online v2.0 (FIDO2) support, and urges organizations to monitor for suspicious sign-in and mailbox activity and to enforce conditional access policies. "While [adversary-in-the-middle] phishing attempts to circumvent MFA, it's important to underscore that MFA implementation remains an essential pillar in identity security," Microsoft added.
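A defender-side illustration of the sign-in and mailbox-activity tracking the article recommends, added here as an example that is neither Microsoft's code nor from the article: it flags a session whose MFA-satisfied sign-in is followed by a sign-in from a different IP with no MFA prompt (the footprint of a replayed session cookie), then lists inbox-rule changes made from that session. The event field names, the constructed log entries and the one-hour window are assumptions, not a real Microsoft 365 log schema.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified sign-in / mailbox-audit shape
# (field names are assumptions, not a real Microsoft 365 log schema).
EVENTS = [
    {"ts": "2022-07-12T09:00:00", "user": "alice", "kind": "signin",
     "session": "s1", "ip": "203.0.113.5", "mfa": True},
    # Same session cookie reused minutes later from another IP, no MFA prompt.
    {"ts": "2022-07-12T09:03:00", "user": "alice", "kind": "signin",
     "session": "s1", "ip": "198.51.100.77", "mfa": False},
    # Follow-on mailbox tampering from the replayed session: typical BEC setup.
    {"ts": "2022-07-12T09:05:00", "user": "alice", "kind": "inbox_rule",
     "session": "s1", "ip": "198.51.100.77"},
    # Benign: one session, one IP, MFA satisfied once.
    {"ts": "2022-07-12T10:00:00", "user": "bob", "kind": "signin",
     "session": "s2", "ip": "203.0.113.9", "mfa": True},
    {"ts": "2022-07-12T10:30:00", "user": "bob", "kind": "inbox_rule",
     "session": "s2", "ip": "203.0.113.9"},
]


def _t(s):
    return datetime.fromisoformat(s)


def detect_replayed_sessions(events, window=timedelta(hours=1)):
    """Return {session: [ips]} for sessions whose MFA-satisfied sign-in is
    followed, within `window`, by a sign-in from a different IP that did not
    trigger MFA: the pattern left by a session cookie stolen via an AiTM proxy."""
    first_mfa = {}   # session -> (time, ip) of the MFA-satisfied sign-in
    flagged = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["kind"] != "signin":
            continue
        sid = e["session"]
        if e["mfa"]:
            first_mfa.setdefault(sid, (_t(e["ts"]), e["ip"]))
        elif sid in first_mfa:
            t0, ip0 = first_mfa[sid]
            if e["ip"] != ip0 and _t(e["ts"]) - t0 <= window:
                flagged.setdefault(sid, [ip0]).append(e["ip"])
    return flagged


def mailbox_changes_in(events, sessions):
    """Inbox-rule changes made from flagged sessions: BEC follow-on activity."""
    return [(e["user"], e["session"]) for e in events
            if e["kind"] == "inbox_rule" and e["session"] in sessions]
```

In production the same logic would run over the tenant's sign-in and unified audit logs, with the window and IP comparison tuned (for example by ASN) to the organization's baseline.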
