Hackers proxied the Azure Active Directory (Azure AD) sign-in pages of thousands of organisations to steal credentials and bypass multi-factor authentication (MFA), Microsoft has warned, saying it tracked attempts against 10,000 organisations since September 2021, with many attacks resulting in successful follow-up business email compromise (BEC) campaigns (sophisticated phishing that mimics suppliers to steal money or data).

CISOs and other security professionals who have fought, sometimes painfully, for broad MFA rollout and are now wondering wearily what to do, fear not: organisations can make their MFA implementation “phish-resistant” by using solutions that support Fast ID Online (FIDO) v2.0 and certificate-based authentication, Redmond said.

The so-called adversary-in-the-middle (AiTM) approach (known in less enlightened times as MiTM), as detailed in the Microsoft graphic above, lets the attackers intercept the authentication process and extract data from the HTTP requests, such as passwords and, more importantly, session cookies. Once the attacker obtains the session cookie, they can inject it into their browser to skip the authentication process, even if the target’s MFA is enabled.

Microsoft took the opportunity to tout its own security tooling and also urged security and IT professionals to be alert to “sign-in attempts with suspicious characteristics (for example, location, ISP, user agent, use of anonymizer services)” and to “hunt for unusual mailbox activities such as the creation of Inbox rules with suspicious purposes or unusual amounts of mail item access events by untrusted IP addresses or devices.”
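The hunting guidance Microsoft is quoted as giving can be turned into a simple triage pass over sign-in and mailbox audit events. The sketch below is an added example, not Microsoft's tooling or code from the article; the event schema, the trusted IP list, the threshold and the sample events are all constructed assumptions.

```python
from collections import defaultdict

# Assumptions (all constructed for this example): trusted egress IPs, the
# threshold, and a simplified event schema that is not a real log format.
TRUSTED_IPS = {"198.51.100.10", "198.51.100.20"}
MAIL_ACCESS_THRESHOLD = 3

def ev(t, user, session, op, ip, ua):
    return {"t": t, "user": user, "session": session, "op": op, "ip": ip, "ua": ua}

EVENTS = [
    ev(1, "alice@example.com", "s1", "SignIn", "198.51.100.10", "Edge/103"),
    ev(2, "alice@example.com", "s1", "MailItemsAccessed", "198.51.100.10", "Edge/103"),
    ev(3, "alice@example.com", "s1", "New-InboxRule", "198.51.100.10", "Edge/103"),
    ev(4, "bob@example.com", "s2", "SignIn", "203.0.113.5", "Chrome/103"),
    *[ev(t, "bob@example.com", "s2", "MailItemsAccessed", "203.0.113.77", "Firefox/102")
      for t in (5, 6, 7)],
    ev(8, "bob@example.com", "s2", "New-InboxRule", "203.0.113.77", "Firefox/102"),
    ev(9, "carol@example.com", "s3", "SignIn", "192.0.2.44", "Safari/15"),
]

def hunt(events):
    """Return {session: sorted list of findings} for sessions worth triage."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e["t"]):
        by_session[e["session"]].append(e)
    findings = {}
    for session, evs in by_session.items():
        hits = set()
        untrusted = [e for e in evs if e["ip"] not in TRUSTED_IPS]
        if any(e["op"] == "SignIn" for e in untrusted):
            hits.add("signin_from_untrusted_ip")
        # One session presented by more than one (IP, user agent) pair.
        if len({(e["ip"], e["ua"]) for e in evs}) > 1:
            hits.add("session_reused_by_different_client")
        if any(e["op"] == "New-InboxRule" for e in untrusted):
            hits.add("inbox_rule_from_untrusted_ip")
        if sum(e["op"] == "MailItemsAccessed" for e in untrusted) >= MAIL_ACCESS_THRESHOLD:
            hits.add("bulk_mail_access_from_untrusted_ip")
        if hits:
            findings[session] = sorted(hits)
    return findings

if __name__ == "__main__":
    for session, hits in hunt(EVENTS).items():
        print(session, hits)
```

A lone untrusted sign-in (session `s3` here) is weak on its own; the combination of findings on one session is what merits escalation.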