Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing

The tech giant said the attacks manifested through accounts that were not secured using multi-factor authentication, thereby making it possible for the adversary to take advantage of the target's bring-your-own-device policy and introduce their own rogue devices using the pilfered credentials.
"Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam."
This was then followed by a second attack wave that abused the lack of MFA protections to enroll an unmanaged Windows device to the company's Azure Active Directory instance and spread the malicious messages.
By connecting the attacker-controlled device to the network, the novel technique made it viable to expand the attackers' foothold, covertly proliferate the attack, and move laterally throughout the targeted network.
The development comes as email-based social engineering attacks continue to be the most dominant means for attacking enterprises to gain initial entry and drop malware on compromised systems.
In addition to turning on MFA, implementing best practices such as good credential hygiene and network segmentation can "increase the 'cost' to attackers trying to propagate through the network."
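One way a defender could hunt for the pattern described above, as an added example that is not from the original article: it correlates a single-factor sign-in, the registration of an unmanaged device, and a burst of outbound mail from the same account. The event schema, field names, time window and recipient threshold are assumptions for illustration (not the real Azure AD log format), and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not the real Azure AD or Exchange log format).
EVENTS = [
    {"time": "2022-01-10T09:00:00", "type": "signin",
     "user": "alice@example.com", "mfa": True},
    {"time": "2022-01-10T09:05:00", "type": "device_registered",
     "user": "alice@example.com", "device": "LAPTOP-A", "managed": True},
    {"time": "2022-01-10T11:00:00", "type": "signin",
     "user": "bob@example.com", "mfa": False},
    {"time": "2022-01-10T11:02:00", "type": "device_registered",
     "user": "bob@example.com", "device": "DESKTOP-X", "managed": False},
    {"time": "2022-01-10T11:30:00", "type": "mail_sent",
     "user": "bob@example.com", "recipients": 120},
    {"time": "2022-01-10T12:00:00", "type": "mail_sent",
     "user": "alice@example.com", "recipients": 3},
]

WINDOW = timedelta(hours=1)   # assumed correlation window
BULK_RECIPIENTS = 50          # assumed threshold for a mail burst


def find_suspicious_registrations(events, window=WINDOW, bulk=BULK_RECIPIENTS):
    """Flag unmanaged device registrations that follow a single-factor
    sign-in, and mark those followed by bulk mail within the window."""
    last_signin_mfa = {}  # user -> whether the most recent sign-in used MFA
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        user = e["user"]
        if e["type"] == "signin":
            last_signin_mfa[user] = e["mfa"]
        elif e["type"] == "device_registered":
            # Only flag when the latest sign-in on record was single-factor.
            if not e["managed"] and last_signin_mfa.get(user) is False:
                findings.append({"user": user, "device": e["device"],
                                 "registered": t, "bulk_mail_after": False})
        elif e["type"] == "mail_sent" and e["recipients"] >= bulk:
            for f in findings:
                if f["user"] == user and timedelta(0) <= t - f["registered"] <= window:
                    f["bulk_mail_after"] = True
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_registrations(EVENTS):
        print(finding)
```
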
News URL
https://thehackernews.com/2022/01/hackers-using-device-registration-trick.html