How a business email compromise attack exploited Microsoft’s multi-factor authentication
Security News, August 2022
To protect the victim's account, the organization had implemented Microsoft MFA through the Microsoft Authenticator app, which should have blocked any sign-in that relied on a stolen password alone.
Microsoft MFA doesn't always require a second form of authentication.
The report cited two cases in which Microsoft MFA's decision not to require the second factor can be problematic.
By default, Microsoft doesn't require a second form of authentication when a user accesses or changes their authentication methods in the Security Info section of the account profile, which means an attacker who has obtained a working password or session could register an authentication method of their own. Tenants can close this gap themselves: an Azure AD Conditional Access policy that targets the "Register security information" user action can require MFA (or a compliant device) before security info can be viewed or changed.
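The following is an added example, not code from the TechRepublic article or from Microsoft's statement. It creates a Conditional Access policy with the Microsoft Graph PowerShell SDK that requires MFA whenever a user registers or changes security info, starting in report-only mode so the effect can be reviewed in the sign-in logs before enforcement. The group ID is a placeholder for a break-glass group and must be replaced; the policy name is an assumption.

```powershell
# Added example: Conditional Access policy requiring MFA for the
# "Register security information" user action. Not from the original article.
# Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).

Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# Placeholder: object ID of your break-glass (emergency access) group. Replace it.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Require MFA to register or change security info"   # assumed name
    # Report-only first: the policy is evaluated and logged but not enforced.
    # Switch to "enabled" after reviewing the Conditional Access tab of sign-in logs.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)
        }
        applications = @{
            # User action covering the Security Info page and combined registration.
            includeUserActions = @("urn:user:registersecurityinfo")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Sanity check: list every policy that targets this user action, so an
# existing weaker or conflicting policy does not go unnoticed.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.Conditions.Applications.IncludeUserActions -contains "urn:user:registersecurityinfo" } |
    Select-Object DisplayName, State
```

This closes the password-only path: an attacker with just the victim's password can no longer add a phone number or Authenticator device. It does not by itself stop the adversary-in-the-middle case, because a replayed session that was established after a successful MFA prompt already carries the MFA claim; for that, replace `builtInControls = @("mfa")` with a phishing-resistant authentication strength or add `"compliantDevice"` so that only a managed device can reach the Security Info page.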
Tips for preventing AiTM attacks that exploit MFA
In a statement sent to TechRepublic, a Microsoft spokesperson also offered recommendations on how to stop adversary-in-the-middle (AiTM) attacks that can exploit multi-factor authentication.
Allow Microsoft Authenticator to be installed only through a Mobile Application Management or Mobile Device Management control set through Microsoft Intune.
News URL
https://www.techrepublic.com/article/email-attack-exploits-microsoft-mfa/
Related news
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks
- Over 5,000 Fake Microsoft Notifications Fueling Email Compromise Campaigns
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks
- Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
- Microsoft fixes Outlook email sending issue for users with many folders
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure
- Microsoft issues 117 patches – some for flaws already under attack
- Microsoft Outlook bug blocks email logins, causes app crashes
- SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack