Phishers use custom phishing kit to hijack MFA-protected enterprise Microsoft accounts
An ongoing, large-scale phishing campaign is targeting owners of business email accounts at companies in the FinTech, Lending, Insurance, Energy and Manufacturing sectors in the US, UK, New Zealand and Australia, Zscaler researchers are warning.
The attackers are using a variety of techniques and tactics to evade corporate email security solutions, and a custom phishing kit that allows them to bypass multi-factor authentication protection and hijack enterprise Microsoft accounts.
According to the researchers, the threat actor behind the campaign is using various cloaking and browser fingerprinting techniques to bypass automated URL analysis systems, and diverse URL redirection methods to evade corporate email URL analysis solutions.
Because of some unique attributes (HTML parsing, lack of domain translation), the researchers believe that the attackers are using a custom adversary-in-the-middle phishing kit to phish the targets' second authentication factor as well as their email credentials.
"This indicates that the threat actor might have compromised the corporate emails of chief executives of these organizations using this phishing attack and later used these compromised business emails to send further phishing emails as part of the same campaign."
"As an extra precaution, users should not open attachments or click on links in emails sent from untrusted or unknown sources. As a best practice, in general, users should verify the URL in the address bar of the browser before entering any credentials," the researchers advised.
News URL
https://www.helpnetsecurity.com/2022/08/03/hijack-microsoft-accounts/