Security News > 2022 > July > Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs
Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise attacks.
In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors.
"A large-scale phishing campaign that used adversary-in-the-middle phishing sites stole passwords, hijacked a user's sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication," the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center said.
The phishing process employed in this large-scale phishing campaign can be automated with the help of several open-source phishing toolkits, including the widely-used Evilginx2, Modlishka, and Muraena.
To defend against such attacks, Microsoft recommends using "Phish-resistant" MFA implementations with certificate-based authentication and Fast ID Online v2.0 support.
"While AiTM phishing attempts to circumvent MFA, it's important to underscore that MFA implementation remains an essential pillar in identity security," Redmond added.
News URL
Related news
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Australian Organisations Targeted by Phishing Attacks Disguised as Atlassian (source)
- Free Sniper Dz Phishing Tools Fuel 140,000+ Cyber Attacks Targeting User Credentials (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks (source)
- Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Why Phishing-Resistant MFA Is No Longer Optional: The Hidden Risks of Legacy MFA (source)