
Microsoft disclosed a large-scale phishing campaign against 10,000 organizations using Office 365

Microsoft disclosed on Tuesday a large-scale phishing campaign that has targeted more than 10,000 organizations since 2021 by intercepting Office 365’s authentication process. Because the attack captures the authenticated session rather than the password alone, it works even against accounts protected with multi-factor authentication (MFA).

Microsoft’s security team reported that the attackers stole credentials and session cookies to gain access to victims’ mailboxes, then used that access for follow-on business email compromise (BEC) campaigns against further targets. The campaign relied on adversary-in-the-middle (AitM) phishing sites: the adversary positions itself between the victim and the legitimate service and relays traffic in both directions, which lets it read or manipulate the data in transit.

The attackers deploy a proxy server between the potential victim and the web page they want to harvest data from. A victim who clicks the link in the phishing email lands on a lookalike of the targeted page; every request is forwarded to the real site and every response is passed back, so the page behaves normally while the proxy records the credentials and the session cookie that the real site issues.

The company said, “The phishing page has two different Transport Layer Security (TLS) sessions — one with the target and another with the actual website the target wants to access.”

Microsoft also explained how the attackers bypass MFA. Because the proxy sits inside the authentication flow, the victim completes the MFA challenge with the real service, and the proxy simply captures the session cookie the service issues afterwards. The attackers then load that stolen cookie into their own browser, so the service treats them as the already-authenticated user whether or not MFA is enabled on the account.

Microsoft said, “The session cookie is proof for the web server that the user has been authenticated and has an ongoing session on the website. In AitM phishing, an attacker attempts to obtain a target user’s session cookie so they can skip the whole authentication process and act on the latter’s behalf.”
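The flow described above, as an added illustration that is not code from Microsoft’s report or from this article: a toy identity provider that demands a password plus an MFA code and then issues a session cookie, a lookalike proxy that relays the victim’s login to it (the second of the two sessions) while keeping a copy of the cookie, and an attacker who replays that cookie with no password and no MFA code. The users, passwords, OTP values, IP addresses and sign-in log entries are all constructed for the example; the `suspicious_sessions` check at the end is one heuristic defenders use, flagging a session cookie that turns up from two different client fingerprints.

```python
"""Added example: toy model of AitM phishing cookie theft plus a sign-in log check.
Everything here (site, users, OTP codes, IPs, log lines) is constructed for illustration."""
import hmac
import secrets
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class TargetSite:
    """Stand-in for the real identity provider: requires password + MFA code,
    then issues a bearer session cookie that proves the user authenticated."""
    users: dict                                  # username -> (password, current OTP)
    sessions: dict = field(default_factory=dict)  # cookie -> username

    def login(self, user, password, otp):
        pw, code = self.users.get(user, (None, None))
        if pw is None:
            return None
        if not (hmac.compare_digest(pw, password) and hmac.compare_digest(code, otp)):
            return None
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user
        return cookie

    def read_mailbox(self, cookie):
        """Whoever presents a valid cookie is the user; MFA is not re-checked here."""
        user = self.sessions.get(cookie)
        return f"mailbox of {user}" if user else None


@dataclass
class AitMProxy:
    """Lookalike site. It opens its own session to the real site (the second TLS
    session in Microsoft's description) and keeps a copy of what passes through."""
    upstream: TargetSite
    stolen: list = field(default_factory=list)

    def handle_login(self, user, password, otp):
        cookie = self.upstream.login(user, password, otp)  # proxy -> real site
        if cookie:
            self.stolen.append({"user": user, "password": password, "cookie": cookie})
        return cookie  # victim's own session works normally, so nothing looks wrong


def run_attack():
    """Victim logs in through the lookalike; attacker replays the captured cookie."""
    site = TargetSite(users={"alice": ("hunter2", "123456")})
    proxy = AitMProxy(upstream=site)
    victim_cookie = proxy.handle_login("alice", "hunter2", "123456")  # OTP typed into lookalike
    loot = proxy.stolen[0]
    attacker_view = site.read_mailbox(loot["cookie"])  # no password, no OTP needed
    return victim_cookie is not None, attacker_view


# Constructed sign-in log: same session id seen from the victim's client and, later,
# from an unrelated IP and browser, which is what a replayed cookie looks like.
SIGNIN_LOG = [
    {"session": "s1", "ip": "203.0.113.10", "ua": "Edge/103 Windows"},
    {"session": "s1", "ip": "203.0.113.10", "ua": "Edge/103 Windows"},
    {"session": "s1", "ip": "198.51.100.77", "ua": "Chrome/103 Windows"},  # replay
    {"session": "s2", "ip": "203.0.113.44", "ua": "Edge/103 Windows"},
]


def suspicious_sessions(log):
    """Return session ids used from more than one (ip, user_agent) fingerprint."""
    seen = defaultdict(set)
    for entry in log:
        seen[entry["session"]].add((entry["ip"], entry["ua"]))
    return sorted(sid for sid, fps in seen.items() if len(fps) > 1)


if __name__ == "__main__":
    print(run_attack())                    # (True, 'mailbox of alice')
    print(suspicious_sessions(SIGNIN_LOG))  # ['s1']
```

The point of the model is that nothing in `TargetSite.read_mailbox` can tell the attacker's request from the victim's: the cookie is a bearer token, so strong MFA at login does not help once it has been copied. The log heuristic is deliberately simple; in practice a session legitimately moves between IPs (mobile networks, VPNs), so the fingerprint change is a signal to correlate with other indicators rather than a verdict on its own.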

The company further stated that the attackers used the stolen cookies with Outlook Web Access (OWA) in a Chrome browser to operate inside the victims’ Office 365 mailboxes. After carrying out their activity they deleted the original phishing email, and they removed their follow-on correspondence with new targets from the Archive and Sent Items folders to hide the compromise from the mailbox owner.

Erich Kron, a security awareness advocate, said recently in the wake of these attacks, “Attacks like this are becoming more common as organizations and individuals enable multi-factor authentication (MFA) on accounts in order to better secure them.”

Microsoft stressed, however, that MFA remains essential, and it recommended phishing-resistant MFA methods such as FIDO2 security keys and certificate-based authentication, together with conditional access policies, to defend against this type of attack.


