Security News > 2021 > June > Microsoft: Scammers bypass Office 365 MFA in BEC attacks
Microsoft 365 Defender researchers have disrupted the cloud-based infrastructure used by scammers behind a recent large-scale business email compromise campaign.
"The use of attacker infrastructure hosted in multiple web services allowed the attackers to operate stealthily, characteristic of BEC campaigns," Microsoft 365 Defender Research Team's Stefan Sellmer and Microsoft Threat Intelligence Center security researcher Nick Carr explained.
Legacy auth protocols used to bypass MFA
While the use of stolen credentials for compromising inboxes is blocked by enabling multi-factor authentication, Microsoft also found that the attackers used legacy protocols like IMAP/POP3 to exfiltrate emails and circumvent MFA on Exchange Online accounts when the targets failed to toggle off legacy auth.
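A defender can look for this gap in Azure AD sign-in logs. The following is an added example, not code from Microsoft or the original article: it flags accounts that complete MFA on modern clients yet also show successful IMAP/POP3 sign-ins. The records are constructed, the field names follow the Microsoft Graph signIn resource, and `rec` and `legacy_mfa_gaps` are hypothetical helper names.

```python
from collections import defaultdict

# clientAppUsed values reported for the legacy mail protocols named above.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3"}

def rec(user, app, requirement, error_code, when, ip):
    """Build one constructed record using Microsoft Graph signIn field names."""
    return {"userPrincipalName": user, "clientAppUsed": app,
            "authenticationRequirement": requirement,
            "status": {"errorCode": error_code},
            "createdDateTime": when, "ipAddress": ip}

# Constructed sample data (example.com users, documentation-range IPs).
# carol is legacy-only here: worth reviewing, but no MFA is being sidestepped.
MFA, SFA = "multiFactorAuthentication", "singleFactorAuthentication"
SAMPLE_SIGNINS = [
    rec("alice@example.com", "Browser", MFA, 0, "2021-06-01T08:00:00Z", "198.51.100.10"),
    rec("alice@example.com", "IMAP4", SFA, 0, "2021-06-02T03:14:00Z", "203.0.113.7"),
    rec("Alice@example.com", "IMAP4", SFA, 0, "2021-06-02T03:20:00Z", "203.0.113.7"),
    rec("alice@example.com", "POP3", SFA, 50126, "2021-06-02T03:25:00Z", "203.0.113.7"),
    rec("bob@example.com", "Mobile Apps and Desktop clients", MFA, 0,
        "2021-06-01T09:30:00Z", "198.51.100.11"),
    rec("carol@example.com", "POP3", SFA, 0, "2021-06-01T10:00:00Z", "192.0.2.44"),
]

def legacy_mfa_gaps(signins):
    """Map each user who completes MFA on modern clients to their successful
    single-factor IMAP/POP3 sign-ins, i.e. the path that sidesteps MFA."""
    mfa_users = set()
    legacy_hits = defaultdict(list)
    for r in signins:
        if r["status"]["errorCode"] != 0:      # skip failed attempts
            continue
        user = r["userPrincipalName"].lower()  # UPNs are case-insensitive
        if r["clientAppUsed"] in LEGACY_CLIENT_APPS:
            legacy_hits[user].append(
                (r["createdDateTime"], r["clientAppUsed"], r["ipAddress"]))
        elif r["authenticationRequirement"] == MFA:
            mfa_users.add(user)
    return {u: sorted(hits) for u, hits in legacy_hits.items() if u in mfa_users}

if __name__ == "__main__":
    for user, hits in legacy_mfa_gaps(SAMPLE_SIGNINS).items():
        for when, app, ip in hits:
            print(f"{user}: successful {app} sign-in without MFA at {when} from {ip}")
```

Any account this returns still has legacy auth enabled and is a candidate for having IMAP/POP3 switched off.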
Although BEC scammers' methods might in some cases seem to lack sophistication, and their phishing emails might seem malicious in nature to some, BEC attacks have been behind record-breaking financial losses every year since 2018.
Last month, Microsoft detected another large-scale BEC campaign that targeted over 120 companies using typo-squatted domains registered just a few days before the attacks began.
In other alerts sent last year, the FBI warned of BEC scammers abusing email auto-forwarding and cloud email services like Microsoft Office 365 and Google G Suite in their attacks.