Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication


The massive phishing campaign does not exploit a vulnerability in MFA. Instead, it spoofs an Office 365 authentication page to steal credentials.



Microsoft recently discovered a widespread phishing attack campaign targeting Office 365 users that lures victims to a phony Office authentication page where it pilfers their credentials and later executes a second wave of attack, business email compromise (BEC), using intel gathered from their email accounts.
The attackers behind the campaign have targeted more than 10,000 organizations since September 2021, according to Microsoft, and employ the Evilginx2 phishing kit as the infrastructure for hijacking the authentication process. We also uncovered similarities in their post-breach activities, including sensitive data enumeration in the target’s mailbox and payment frauds, according to
a post by the Microsoft 365 Defender Research Team
that details the attacks.
The man-in-the-middle attack — or, as Microsoft now calls it, adversary-in-the-middle (AiTM) — sets up a proxy server that sits between the victim and the actual authentication page. Such a setup allows the attacker to steal and intercept the targets password and the session cookie that proves their ongoing and authenticated session with the website. Note that this is not a vulnerability in MFA; since AiTM phishing steals the session cookie, the attacker gets authenticated to a session on the user’s behalf, regardless of the sign-in method the latter uses, Microsoft said in its post.
Organizations should up their MFA game with conditional access policies, which vet sign-in requests based on identity, IP location, and device status, for example, according to Microsoft.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft: 10,000 Orgs Targeted in Phishing Attack That Bypasses Multifactor Authentication