You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Phishing Bypasses 2 Factor Authentication

Crafty hackers have bypassed login security in Office 365.

In a very tricky Phishing attack, cyber criminals have bypassed multi-factor login protections in Office 365. Once in, the hackers have full access to the victim's data. All of this is without ever stealing login credentials.

In addition to potentially exposing users' documents and files stored in the cloud, the fraudsters waging the phishing campaign could gain access to victims' contact lists, creating potential new targets.

The email most actively used in this campaign includes a malicious SharePoint link. To induce the victim to click, the file supposedly contains information on quarterly bonuses. Who doesn't want to see that?! (see another attack here)

If a targeted victim clicked the link, they were taken to the legitimate Microsoft Office 365 login page.

Get this - the victim is taken to a REAL Office 365 login page. This makes the attack much more difficult to recognize. In fact, the link contains a legitimate Microsoft domain, but the attackers appended malicious instructions to the end of the URL.

The altered URL contained parameters that captured the security tokens and other authentication data and then sent that information back to the attackers.

When the user logs in to Office 365 via this URL, the attacker gains access to critical security tokens. These tokens allow the hacker to impersonate the victim without ever needing to know his username or password.

"Not only is there no need to compromise credentials, but touted security measures, such as [multifactor authentication] are also bypassed; it is users themselves who unwittingly approve malicious access to their data."

To make matters worse, attackers have the ability to request a new security token when a previous one expires. This allows the attack to persist, giving the hacker more time to inflict damage.

Cyber criminals continue improving their methods. Your users require Training to improve their security, too.

Are you ready to take action?
Start with booking quick call to learn how INFIMA's Automated Security Awareness platform easily instructs and tests your team.

To get a quote, set up a call with our (non-pushy) team here!

Phishing Bypasses 2FA

Original article here.
[https://www.databreachtoday.com/phishing-attack-bypassed-office-365-multifactor-protections-a-14310]

SecuritySales
Joel Cahill

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.

You might also like

Criminal Courts Hacked, Docs Leaked

Criminal Courts Hacked, Docs Leaked

With Courts sending and receiving tons of email with attachments, they are a ripe target for a crafty Phish.

Joel Cahill
Joel Cahill
Legal
What Do Canon, Jack Daniels and Carnival Cruises Have In Common?

What Do Canon, Jack Daniels and Carnival Cruises Have In Common?

You may patronize each of these companies on vacation, and now hackers are taking a lot of that money for themselves.

Joel Cahill
Joel Cahill
Hospitality

Featured Posts

CIS Control 14 and Security Awareness Training

CIS Control 14 and Security Awareness Training

Let's Dig In: Security Awareness & Compliance

Let's Dig In: Security Awareness & Compliance

Cyber Insurers Tighten Requirements

Cyber Insurers Tighten Requirements