
Another Phishing Attack That Bypasses Multi-Factor Authentication Targets Microsoft Mail Users


Zscaler cybersecurity research analysts have uncovered a new large-scale phishing campaign targeting Microsoft email users. The campaign primarily targets end users in enterprise environments who use Microsoft email services.


Attackers use so-called Adversary-in-the-Middle (AiTM) techniques to bypass multi-factor authentication (MFA) protections. Microsoft released information about a similar attack in early July. The attack described by Microsoft targeted more than 10,000 organizations and used AiTM techniques to bypass MFA protections.

Zscaler describes the new attack as highly sophisticated. It “uses an adversary-in-the-middle (AiTM) attack technique capable of bypassing multi-factor authentication” and “multiple evasion techniques used at different stages of the attack designed to bypass conventional email security and network security solutions”.

The majority of organizations targeted by the malicious campaign are based in the United States, United Kingdom, New Zealand, and Australia. The main sectors are FinTech, Lending, Finance, Insurance, Accounting, Energy and Federal Credit Union industries.

The attack begins by sending phishing emails to Microsoft email addresses. It all depends on these phishing emails and the users interacting with them. Malicious emails may contain a direct link to a phishing domain or HTML attachments containing the link. In any case, it is necessary for the user to activate the link to trigger the chain of infection.

Similar to the phishing campaign previously described by Microsoft, the uncovered campaign's phishing emails use various subject lines to attract users’ attention. One email suggested it contained an invoice to review, another that a new document had been received and needed to be viewed online.

The campaign uses several redirect techniques. For example, it used the legitimate CodeSandbox service to “quickly create new code pages, paste a redirect code into them with the latest URL of the phishing site, and mass-mail the link to the hosted redirect code to victims”.

Phishing sites used fingerprinting techniques to determine if the page visitor is a targeted victim of the campaign or someone else. Zscaler believes this is done to make it harder for security researchers to gain access to phishing sites.

Proxy-based AiTM phishing attacks sit between the user’s device and the target service, where they control and manipulate the flow of data. Ultimately, the attackers retrieve the session cookies generated during the process and use them to access the mail service without having to log in again or complete the login process using MFA.
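Because the stolen session cookie is later used without a fresh login, defenders can look for a session that completed MFA in one client context and is then used from another. The following is an added detection sketch, not code from Zscaler, Microsoft or the original article; the event fields, action names and sample records are assumptions constructed for illustration.

```python
from collections import namedtuple

# Field names and action values are assumptions for this example,
# not the schema of any real sign-in or mail audit log.
Event = namedtuple("Event", "ts user session_id ip user_agent action")

# Constructed sample events (documentation IP ranges, example.com users).
SAMPLE_EVENTS = [
    Event("2022-08-03T09:00:05Z", "alice@example.com", "sess-a1",
          "192.0.2.10", "Edge/103 Windows", "mfa_signin"),
    Event("2022-08-03T09:01:40Z", "alice@example.com", "sess-a1",
          "192.0.2.10", "Edge/103 Windows", "mail_read"),
    Event("2022-08-03T10:15:00Z", "bob@example.com", "sess-b7",
          "198.51.100.23", "Chrome/103 Windows", "mfa_signin"),
    Event("2022-08-03T10:19:30Z", "bob@example.com", "sess-b7",
          "203.0.113.77", "Firefox/102 Linux", "mail_read"),
    Event("2022-08-03T10:21:02Z", "bob@example.com", "sess-b7",
          "203.0.113.77", "Firefox/102 Linux", "mail_read"),
]


def find_session_reuse(events):
    """Return one finding per session that is used from an IP *and* user
    agent different from the ones that completed the MFA sign-in."""
    origin = {}    # session_id -> event that completed MFA
    findings = {}  # session_id -> finding
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "mfa_signin":
            origin.setdefault(ev.session_id, ev)
            continue
        first = origin.get(ev.session_id)
        if first is None:
            continue  # sign-in is outside the log window; nothing to compare
        if ev.ip != first.ip and ev.user_agent != first.user_agent:
            f = findings.setdefault(ev.session_id, {
                "user": ev.user, "session_id": ev.session_id,
                "signin_ip": first.ip, "reuse_ip": ev.ip,
                "first_reuse": ev.ts, "events": 0})
            f["events"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding)
```

Legitimate network or browser changes can also trip this heuristic, so treat a finding as a triage signal that prompts session revocation and review rather than as proof of compromise.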

Conclusion

Phishing campaigns are getting more and more sophisticated, but a common thread for most of them is that they require user activity. Power users know how to scan emails to see if they are from a legitimate sender, but the majority of users lack these skills.

Now you: do you scan emails before opening links or attachments?


Author: Martin Brinkmann

Editor: Ghacks Technology News
