You've successfully subscribed to INFIMA Security
Great! Next, complete checkout for full access to INFIMA Security
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

Phishing Bypasses 2 Factor Authentication

Crafty hackers have bypassed login security in Office 365.

In a very tricky Phishing attack, cyber criminals have bypassed multi-factor login protections in Office 365. Once in, the hackers have full access to the victim's data. All of this is without ever stealing login credentials.

In addition to potentially exposing users' documents and files stored in the cloud, the fraudsters waging the phishing campaign could gain access to victims' contact lists, creating potential new targets.

The email most actively used in this campaign includes a malicious SharePoint link. To induce the victim to click, the file supposedly contains information on quarterly bonuses. Who doesn't want to see that?! (see another attack here)

If a targeted victim clicked the link, they were taken to the legitimate Microsoft Office 365 login page.

Get this - the victim is taken to a REAL Office 365 login page. This makes the attack much more difficult to recognize. In fact, the link contains a legitimate Microsoft domain, but the attackers appended malicious instructions to the end of the URL.

The altered URL contained parameters that captured the security tokens and other authentication data and then sent that information back to the attackers.

When the user logs in to Office 365 via this URL, the attacker gains access to critical security tokens. These tokens allow the hacker to impersonate the victim without ever needing to know his username or password.

"Not only is there no need to compromise credentials, but touted security measures, such as [multifactor authentication] are also bypassed; it is users themselves who unwittingly approve malicious access to their data."

To make matters worse, attackers have the ability to request a new security token when a previous one expires. This allows the attack to persist, giving the hacker more time to inflict damage.

Cyber criminals continue improving their methods. Your users require Training to improve their security, too.

Are you ready to take action?
Start with booking quick call to learn how INFIMA's Automated Security Awareness platform easily instructs and tests your team.

To get a quote, set up a call with our (non-pushy) team here!

Phishing Bypasses 2FA

Original article here.

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.