Security News > 2022 > August > How a business email compromise attack exploited Microsoft’s multi-factor authentication
To protect the victim's account, the organization had implemented Microsoft MFA through the Microsoft Authenticator app, which should have stopped any use of stolen credentials.
Microsoft MFA doesn't always require a second form of authentication.
The report cited two examples in which a decision by Microsoft MFA not to require the second form of authentication can be problematic.
Microsoft doesn't require a second form of authentication when accessing and changing user authentication methods in the Security Info section of the account profile.
Tips for preventing AiTM attacks that exploit MFA. In a statement sent to TechRepublic, a Microsoft spokesperson also offered recommendations on how to stop AiTM attacks that can exploit multi-factor authentication.
Allow Microsoft Authenticator to be installed only through a Mobile Application Management or Mobile Device Management control set through Microsoft Intune.
News URL
https://www.techrepublic.com/article/email-attack-exploits-microsoft-mfa/
Related news
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Threat actors are using legitimate Microsoft feature to compromise M365 accounts (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Microsoft fixes Entra ID authentication issue caused by DNS change (source)
- CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)