Security News > 2023 > June > New phishing and business email compromise campaigns increase in complexity, bypass MFA
A report from Microsoft Defender Experts reveals a new multi-stage adversary-in-the-middle (AiTM) phishing attack combined with a business email compromise (BEC) attack targeting banking and financial institutions.
The phishing email impersonates one of the target's trusted vendors so that it appears legitimate, blends in with normal email traffic and bypasses detections, especially when an organization has policies that automatically allow emails from trusted vendors.
Once the attacker was in possession of a valid session cookie, they started accessing email conversations and documents hosted in the cloud and generated a new access token in order to use the stolen session for longer.
After the phishing emails were sent, the attacker monitored the mailbox and responded to recipients who replied with doubts about the phishing email, falsely confirming that the email was legitimate.
Since the initial attack vector is a phishing email, it is necessary to deploy mailbox security solutions that can detect phishing attempts and raise alerts on emails coming from outside of the company when they follow suspicious behavioral patterns.
Mailboxes that suddenly start sending a massive number of emails, or suddenly forward a lot of emails to another email address, should raise alerts and be analyzed carefully.
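The two mailbox signals described above (a sudden send burst and a surge of forwards to one outside address) can be checked with a small baseline comparison. This is an added example, not code from the report or from Microsoft; the event tuple format, the thresholds and the corp.example addresses are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

def flag_mailboxes(events, internal_domain, burst_factor=5, min_burst=20, forward_limit=10):
    """events: (hour, mailbox, action, recipient) tuples, action 'send' or 'forward'.
    Returns {mailbox: [reasons]} for the most recent hour. Thresholds are assumptions."""
    events = list(events)
    if not events:
        return {}
    first, latest = min(e[0] for e in events), max(e[0] for e in events)
    sends = defaultdict(Counter)     # mailbox -> hour -> messages sent
    forwards = defaultdict(Counter)  # mailbox -> external recipient -> forwards in latest hour
    for hour, mailbox, action, rcpt in events:
        if action == "send":
            sends[mailbox][hour] += 1
        elif action == "forward" and hour == latest:
            if not rcpt.lower().endswith("@" + internal_domain):
                forwards[mailbox][rcpt.lower()] += 1
    alerts = defaultdict(list)
    for mailbox, per_hour in sends.items():
        history = [per_hour[h] for h in range(first, latest)]  # quiet hours count as 0
        baseline = median(history) if history else 0
        current = per_hour[latest]
        # min_burst keeps low-volume or brand-new mailboxes from alerting on small numbers
        if current >= max(min_burst, burst_factor * baseline):
            alerts[mailbox].append(f"send burst: {current} in hour {latest}, baseline {baseline}")
    for mailbox, per_rcpt in forwards.items():
        for rcpt, n in per_rcpt.items():
            if n >= forward_limit:
                alerts[mailbox].append(f"forward surge: {n} messages to {rcpt}")
    return dict(alerts)

def sample_events():
    """Constructed events, not real logs: hours 0-4 are baseline, hour 5 is 'now'."""
    ev = []
    for h in range(6):
        ev += [(h, "alice@corp.example", "send", f"peer{i}@corp.example") for i in range(3)]
        n = 40 if h == 5 else 4  # bob jumps from 4 to 40 messages in the last hour
        ev += [(h, "bob@corp.example", "send", f"client{i}@partner.example") for i in range(n)]
    ev += [(5, "carol@corp.example", "forward", "drop@mail.example")] * 12
    ev += [(5, "dave@corp.example", "forward", "dave-archive@corp.example")] * 12
    return ev

if __name__ == "__main__":
    for mailbox, reasons in flag_mailboxes(sample_events(), "corp.example").items():
        print(mailbox, reasons)
```

In the constructed data only bob (send burst) and carol (forwards to an outside address) are flagged; alice's steady volume and dave's internal forwarding are not.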
News URL
https://www.techrepublic.com/article/microsoft-news-business-email-compromise-attacks-phishing/