Security News > 2021 > June > Microsoft: Scammers bypass Office 365 MFA in BEC attacks
Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise campaign.
"The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns," Microsoft 365 Defender Research Team's Stefan Sellmer and Microsoft Threat Intelligence Center security researcher Nick Carr explained.
Legacy auth protocols used to bypass MFA. While the use of stolen credentials for compromising inboxes is blocked by enabling multi-factor authentication, Microsoft also found that the attackers used legacy protocols like IMAP/POP3 to exfil emails and circumvent MFA on Exchange Online accounts when the targets failed to toggle off legacy auth.
In some cases, BEC scammers' methods might seem to lack sophistication and their phishing emails malicious in nature to some, BEC attacks have been behind record-breaking financial losses every year since 2018.
Last month, Microsoft detected another large-scale BEC campaign that targeted over 120 companies using typo-squatted domains registered just a few days before the attacks began.
In other alerts sent last year, the FBI warned of BEC scammers abusing email auto-forwarding and cloud email services like Microsoft Office 365 and Google G Suite in their attacks.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New Mamba 2FA bypass service targets Microsoft 365 accounts (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- EDRSilencer red team tool used in attacks to bypass security (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)