1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This Microsoft phishing campaign can hack you, even if you have M

    From TechnologyDaily@1337:1/100 to All on Wed Jul 13 15:00:04 2022
    This Microsoft phishing campaign can hack you, even if you have MFA

    Date:
    Wed, 13 Jul 2022 13:47:48 +0000

    Description:
    MFA does little good when the session doesn't expire, and session cookies can be obtained, Microsoft warns.

    FULL STORY ======================================================================

    Hackers are able to hijack Outlook email accounts even if theyre protected by multi-factor authentication, Microsoft has warned.

    The companys cybersecurity teams from the Threat Intelligence Center, and the Microsoft 365 Defender Research Team have uncovered a new large-scale
    phishing campaign that targeted more than 10,000 businesses in the past year.

    The compromised email accounts are later used for business email compromise (BEC) attacks, in which the victims business partners, clients, and
    customers, end up being defrauded for their money. Stealing session cookies

    The victim would receive a phishing email, with a link to log into their Outlook account. That link, however, would lead them to a proxy site, seemingly identical to the legitimate one. The victim would try to log in,
    and the proxy site would allow it, sending all of the data through.

    However, once the victim completes the authentication process, the attacker would steal the session cookie. As the user doesnt need to be reauthenticated at every new page visit, that gives the threat actor full access, as well.

    "From our observation, after a compromised account signed into the phishing site for the first time, the attacker used the stolen session cookie to authenticate to Outlook online (outlook.office.com)," Microsofts blog post said. "In multiple cases, the cookies had an MFA claim, which means that even if the organization had an MFA policy, the attacker used the session cookie
    to gain access on behalf of the compromised account."

    After getting hold of the email account, the attackers would proceed to
    target the contacts in the inbox, using the stolen identities to try and
    trick them into sending payments of various sizes. Read more

    These are the best malware removal tools right now


    Everything you need to know about phishing


    This Facebook Messenger phishing scam may have trapped millions of users

    To make sure the original victim stays oblivious to the fact that their email accounts are being abused, the attackers would set up inbox rules on the endpoint , marking their emails as read by default, and moving them to archive, immediately. The attackers would check the inbox every couple of days, it was said.

    "On one occasion, the attacker conducted multiple fraud attempts simultaneously from the same compromised mailbox," Microsoft says. "Every
    time the attacker found a new fraud target, they updated the Inbox rule they created to include these new targets' organization domains." These are the best firewalls right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-microsoft-phishing-campaign-can-hack-you-e ven-if-you-have-mfa/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)