Security News

SMB owners across the globe are still relying only on usernames and passwords to secure critical employee, customer, and partner data, according to the Global Small Business Multi-Factor Authentication Study released by the Cyber Readiness Institute. This Help Net Security video covers the highlights of these findings.

Once the attacker has the stolen credentials and session cookies, they can access the victim's email boxes and run a business email compromise campaign, in this case payment fraud, according to Microsoft security researchers. "While AiTM phishing isn't new, our investigation allowed us to observe and analyze the follow-on activities stemming from the campaign - including cloud-based attack attempts - through cross-domain threat data from Microsoft 365 Defender," researchers from the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center wrote in a blog post.

AiTM phishing steals the session cookie, so the attacker gets authenticated to a session on the user's behalf regardless of the sign-in method the latter uses, researchers said. Attackers are getting wise to organizations' increasing use of MFA to better secure user accounts and creating more sophisticated phishing attacks like these that can bypass it, noted a security professional.

A massive phishing campaign has been targeting Office 365 users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor authentication set up to protect the accounts. The attackers use proxy servers and phishing websites to steal users' password and session cookie.

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise attacks. In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors.

MFA has been in use for decades and is widely recommended by cybersecurity experts, yet 55% of SMBs surveyed are not "Very aware" of MFA and its security benefits, and 54% do not use it for their business. Of the businesses that have not implemented MFA, 47% noted they either didn't understand MFA or didn't see its value.

A clever, new phishing technique uses Microsoft Edge WebView2 applications to steal victim's authentication cookies, allowing threat actors to bypass multi-factor authentication when logging into stolen accounts. D0x has created a new phishing method that uses Microsoft Edge WebView2 applications to easily steal a user's authentication cookies and log into stolen accounts, even if they are secured with MFA. Microsoft Edge WebView2 to the rescue.

In this video for Help Net Security, Dan Lohrmann, Field CISO at Presidio, talks about multi factor authentication and how everyone should consider it to protect their identity and accounts. They have been used for years and the problems with passwords have been well documented.

As in the Coinbase incident, many MFA bypass attacks begin with a phishing attack. Organizations use MFA to protect users against these attacks.

A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or' Mythic Leopard,' has been discovered using new custom malware and entry vectors in attacks against the Indian government. The particular threat actor has been active since at least 2016, based in Pakistan, and its targets have historically been almost exclusively Indian defense and government entities.