Security News > 2022 > July > Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts.
The attackers use proxy servers and phishing websites to steal users' password and session cookie.
Their ultimate goal is to access finance-related emails and to hijack ongoing email threads to commit payment fraud and mount business email compromise campaigns against other targets, Microsoft researchers explained.
Phishing Office 365 targets with MFA enabled on their accounts.
There are ways to bypass MFA, and attackers are trying them all: rogue apps, vulnerabilities, legacy authentication protocols, spamming a target user with MFA prompts, and others.
"MFA is still very effective at stopping a wide variety of threats; its effectiveness is why AiTM phishing emerged in the first place. Organizations can thus make their MFA implementation 'phish-resistant' by using solutions that support Fast ID Online v2.0 and certificate-based authentication," they noted, and suggested additional solutions and best practices that can be implemented to stymie attackers using these particular tactics.
News URL
https://www.helpnetsecurity.com/2022/07/13/office-365-phishing-mfa/
Related news
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- Microsoft MFA outage blocking access to Microsoft 365 apps (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass (source)