Security News > 2021 > June > Microsoft: Scammers bypass Office 365 MFA in BEC attacks
Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise campaign.
"The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns," Microsoft 365 Defender Research Team's Stefan Sellmer and Microsoft Threat Intelligence Center security researcher Nick Carr explained.
Legacy auth protocols used to bypass MFA
Enabling multi-factor authentication blocks the use of stolen credentials to compromise inboxes, but Microsoft also found that the attackers used legacy protocols like IMAP/POP3 to exfiltrate emails and circumvent MFA on Exchange Online accounts when the targets failed to toggle off legacy auth.
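A defender can look for this pattern in sign-in logs. The following is an added example, not code from Microsoft or from the original article: it flags accounts with successful IMAP/POP3 sign-ins and notes whether the same account satisfied MFA elsewhere. The field names follow the Microsoft Graph signIn resource; the reduced record shape, the helper names and the sample data are constructed assumptions.

```python
from collections import defaultdict

# Labels for the protocols named in the article, as they appear in the
# clientAppUsed field of Azure AD (Entra ID) sign-in logs.
LEGACY_MAIL_CLIENTS = {"IMAP4", "POP3"}

def rec(user, app, ip, requirement, error_code):
    """Build one constructed record with the signIn fields this check reads."""
    return {"userPrincipalName": user, "clientAppUsed": app, "ipAddress": ip,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code}}

# Constructed sample data, not real telemetry.
SAMPLE_SIGNINS = [
    rec("ap@example.com", "Browser", "198.51.100.7", "multiFactorAuthentication", 0),
    rec("ap@example.com", "IMAP4", "203.0.113.50", "singleFactorAuthentication", 0),
    rec("AP@example.com", "POP3", "203.0.113.50", "singleFactorAuthentication", 0),
    # 53003 = blocked by Conditional Access: legacy auth is off for this user.
    rec("hr@example.com", "IMAP4", "203.0.113.50", "singleFactorAuthentication", 53003),
    rec("it@example.com", "Browser", "198.51.100.9", "multiFactorAuthentication", 0),
]

def legacy_auth_report(signins):
    """Map each user with a successful IMAP/POP3 sign-in to what was observed."""
    mfa_users = set()
    hits = defaultdict(lambda: {"protocols": set(), "ips": set(), "events": 0})
    for s in signins:
        if s["status"]["errorCode"] != 0:
            continue  # failed or blocked attempts did not reach the mailbox
        user = s["userPrincipalName"].lower()
        if s["authenticationRequirement"] == "multiFactorAuthentication":
            mfa_users.add(user)
        if s["clientAppUsed"] in LEGACY_MAIL_CLIENTS:
            hits[user]["protocols"].add(s["clientAppUsed"])
            hits[user]["ips"].add(s["ipAddress"])
            hits[user]["events"] += 1
    return {
        user: {"protocols": sorted(h["protocols"]), "ips": sorted(h["ips"]),
               "events": h["events"],
               # True: MFA was satisfied elsewhere, yet the mailbox was still
               # reachable with a password alone over a legacy protocol.
               "mfa_seen_elsewhere": user in mfa_users}
        for user, h in hits.items()
    }

if __name__ == "__main__":
    for user, finding in legacy_auth_report(SAMPLE_SIGNINS).items():
        print(user, finding)
```

An empty report over a representative log window is the state to aim for once legacy authentication has been turned off.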
Although BEC scammers' methods might in some cases seem to lack sophistication, and their phishing emails might look malicious in nature to some, BEC attacks have been behind record-breaking financial losses every year since 2018.
Last month, Microsoft detected another large-scale BEC campaign that targeted over 120 companies using typo-squatted domains registered just a few days before the attacks began.
In other alerts sent last year, the FBI warned of BEC scammers abusing email auto-forwarding and cloud email services like Microsoft Office 365 and Google G Suite in their attacks.