A huge web of phishing attacks was carried out against over 10,000 organizations!
Tricking victims with fake Office 365 landing pages, threat actors went on to spoof the Office 365 MFA authentication page, thereby collecting victims' credentials and using them to bypass MFA. Using their newly gained usernames and passwords, the hackers gained access to email accounts and performed business email compromise (BEC) campaigns against other targets.
A business email compromise (BEC) attack is a form of phishing attack in which a criminal attempts to trick a senior executive (or budget holder) into transferring funds or revealing sensitive information. In this case, the threat actors used every successful initial phishing attack to attempt a BEC against the victims' email contacts, creating a web that affected 10,000 organizations.
Attackers used reverse-proxy-style phishing sites (hosted on web servers designed to proxy the targets' authentication requests to the real Office 365 website) over TLS channels. This turned the attackers' phishing page into a man-in-the-middle agent that intercepted the authentication process and extracted sensitive information, such as passwords and session cookies, from hijacked HTTP requests. Attackers then injected the stolen session cookie into their own web browsers, skipping the authentication process and bypassing MFA.
Microsoft recommends using “phish-resistant” MFA implementations that have certificate-based authentication and Fast IDentity Online (FIDO) v2.0 support to defend your employees from attacks.
At Centraleyes, we recommend fortifying security efforts by:
- Updating access management policies and procedures to exclude non-compliant devices or untrusted IP addresses,
- Monitoring suspicious sign-in attempts and notifying security personnel,
- Working with vendors whose security practices are up to standard.
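One way to implement the sign-in monitoring recommended above, as an added example that is not Centraleyes or Microsoft code: it flags MFA sign-ins that arrive from outside trusted ranges (a proxied sign-in reaches the real service from the phishing server's address) and sessions whose cookie later shows up from a different IP or browser than the one that signed in. The event field names, the trusted range and the sample events are constructed for illustration and do not follow any vendor's log schema.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: address ranges the organization treats as trusted.
TRUSTED_NETS = [ip_network("203.0.113.0/24")]

# Constructed sample events; field names are hypothetical, not a vendor schema.
FIELDS = ("t", "user", "session", "ip", "agent", "kind")
EVENTS = [dict(zip(FIELDS, row)) for row in [
    (1, "alice@example.com", "s1", "203.0.113.10", "Edge/Windows", "signin_mfa"),
    (2, "alice@example.com", "s1", "203.0.113.10", "Edge/Windows", "mail_read"),
    (3, "bob@example.com", "s2", "198.51.100.23", "Chrome/Windows", "signin_mfa"),
    (4, "bob@example.com", "s2", "192.0.2.77", "Firefox/Linux", "mail_read"),
    (5, "bob@example.com", "s2", "192.0.2.77", "Firefox/Linux", "mail_send"),
]]


def is_trusted(ip):
    """True when the address falls inside a trusted range."""
    addr = ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)


def find_suspicious_sessions(events):
    """Return {session: [reasons]} for sessions that deserve an alert."""
    origin = {}  # session -> (ip, agent) observed when MFA was completed
    alerts = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["t"]):
        sid, seen = ev["session"], (ev["ip"], ev["agent"])
        if ev["kind"] == "signin_mfa":
            origin[sid] = seen
            if not is_trusted(ev["ip"]):
                alerts[sid].append(f"MFA sign-in from untrusted IP {ev['ip']}")
        elif sid not in origin:
            alerts[sid].append(f"session used at t={ev['t']} with no sign-in on record")
        elif seen != origin[sid]:
            # Same session cookie, different client: consistent with cookie replay.
            reason = (f"session reused from {seen[0]} ({seen[1]}), "
                      f"signed in from {origin[sid][0]}")
            if reason not in alerts[sid]:
                alerts[sid].append(reason)
    return dict(alerts)


if __name__ == "__main__":
    for session, reasons in find_suspicious_sessions(EVENTS).items():
        for reason in reasons:
            print(f"ALERT {session}: {reason}")
```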
If you aren’t sure where your vendors stand on their cybersecurity, it’s time to deploy a third-party risk management solution. Contact Centraleyes for a free trial to see how our automated risk management platform can increase your security and protect your organization.