Security News > 2022 > August > How a business email compromise attack exploited Microsoft’s multi-factor authentication
To protect the victim's account, the organization had implemented Microsoft MFA through the Microsoft Authenticator app, which should have stopped any use of stolen credentials.
Microsoft MFA doesn't always require a second form of authentication.
The report cited two examples in which a decision by Microsoft MFA not to require the second form of authentication can be problematic.
Microsoft doesn't require a second form of authentication when accessing and changing user authentication methods in the Security Info section of the account profile.
Tips for preventing AiTM attacks that exploit MFA. In a statement sent to TechRepublic, a Microsoft spokesperson also offered recommendations on how to stop AiTM attacks that can exploit multi-factor authentication.
Allow Microsoft Authenticator to be installed only through a Mobile Application Management or Mobile Device Management control set through Microsoft Intune.
News URL
https://www.techrepublic.com/article/email-attack-exploits-microsoft-mfa/
Related news
- Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Microsoft 365 Admin portal abused to send sextortion emails (source)
- Latest Multi-Stage Attack Scenarios with Real-World Examples (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)