How a business email compromise attack exploited Microsoft’s multi-factor authentication (Security News, August 2022)

To protect the victim's account, the organization had implemented Microsoft MFA through the Microsoft Authenticator app, which should have stopped any use of stolen credentials.
Microsoft MFA, however, does not always require a second form of authentication.
The report cited two examples in which Microsoft MFA's decision not to require the second factor can be problematic.
Microsoft does not require a second form of authentication when a user accesses or changes their authentication methods in the Security Info section of the account profile.

Tips for preventing AiTM attacks that exploit MFA
In a statement sent to TechRepublic, a Microsoft spokesperson also offered recommendations on how to stop AiTM (adversary-in-the-middle) attacks that exploit multi-factor authentication.
Allow Microsoft Authenticator to be installed only through Mobile Application Management or Mobile Device Management controls configured in Microsoft Intune.
News URL
https://www.techrepublic.com/article/email-attack-exploits-microsoft-mfa/
Related news
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware
- ClickFix attack delivers infostealers, RATs in fake Booking.com emails
- Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
- Microsoft: Exchange Online bug mistakenly quarantines user emails
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks
- Microsoft Defender will isolate undiscovered endpoints to block attacks
- Multi-Stage Malware Attack Uses .JSE and PowerShell to Deploy Agent Tesla and XLoader
- Email authentication simplified: How PowerDMARC makes DMARC effortless
- Microsoft fixes machine learning bug flagging Adobe emails as spam
- Nebulous Mantis Targets NATO-Linked Entities with Multi-Stage Malware Attacks