Security News > 2022 > January > Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing
The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication, thereby making it possible for the adversary to take advantage of the target's bring-your-own-device policy and introduce their own rogue devices using the pilfered credentials.
"Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam."
This was then followed by a second attack wave that abused the lack of MFA protections to enroll an unmanaged Windows device to the company's Azure Active Directory instance and spread the malicious messages.
By connecting the attacker-controlled device to the network, the novel technique made it viable to expand the attackers' foothold, covertly proliferate the attack, and move laterally throughout the targeted network.
The development comes as email-based social engineering attacks continue to be the most dominant means for attacking enterprises to gain initial entry and drop malware on compromised systems.
In addition to turning on MFA, implementing best practices such as good credential hygiene and network segmentation can "Increase the 'cost' to attackers trying to propagate through the network."
News URL
https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html
Related news
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- TA547 Phishing Attack Hits German Firms with Rhadamanthys Stealer (source)
- FBI warns of massive wave of road toll SMS phishing attacks (source)
- Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack (source)
- TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks (source)
- FIN7 targets American automaker’s IT staff in phishing attacks (source)
- Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (source)
- AI set to play key role in future phishing attacks (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)
- LA County Health Services: Patients' data exposed in phishing attack (source)