Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs
By Sergiu Gatlan July 12, 2022 01:02 PM
Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims’ mailboxes in follow-on business email compromise (BEC) attacks.
The threat actors used landing pages designed to hijack the Office 365 authentication process (even on accounts protected by multifactor authentication (MFA) by spoofing the Office online authentication page.
In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors.
After stealing the targets’ credentials and their session cookies, the threat actors behind these attacks logged into the victims’ email accounts. They subsequently used their access in business email compromise (BRC) campaigns targeting other organizations.
“A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA),” the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center (MSTIC) said.
“The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets.”
Roy Miehe | MspPortal Partners Inc. | Ceo/President Security Software Distributor: Bitdefender , Barracuda, RackSpace, Axcient
“Where Service and Technical Skills Count”
Barracuda is the play from a security standpoint