Microsoft Issues Warning About Multi-Phase Phishing Attacks Targeted At Azure AD
Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, which indicates that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA).
As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two or more verification methods to validate a user’s identity, rather than relying on the traditional username-password combination. The goal of MFA is to offer an additional layer of security that prevents unauthorized access to sensitive information and decreases the chances of successful cyberattacks, identity theft, and data breaches.
Multi-factor authentication (MFA) helps to block second-stage phishing attacks
Microsoft explained that the attackers use stolen credentials to register devices on the corporate network in order to distribute phishing emails. The threat actors used this “evolved phishing” technique against their targets in two phases. The first phase involved stealing credentials in order to gain account privileges on the target’s network, and it focused primarily on organizations in Singapore, Thailand, Australia, and Indonesia.
In the second phase, the attackers used the hacked account to send DocuSign-themed phishing emails urging recipients to sign documents. The investigations revealed that the multi-stage phishing campaign leveraged Azure Active Directory (Azure AD) and Microsoft Intune to compromise the network.
“While multiple users within various organizations were compromised in the first wave, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack’s propagation heavily relied on a lack of MFA protocols. Enabling MFA for Office 365 applications or while registering new devices could have disrupted the second stage of the attack chain,” the company explained.
Microsoft has expressed deep concerns over the low adoption of “strong identity authentication” solutions in enterprise environments. The company advises that organizations should use multi-factor authentication for protection against phishing attempts. It also recommends deploying endpoint protection solutions, which can help detect unmanaged devices accessing an organizational network.
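For defenders, the chain described above (a sign-in without MFA, then a new device registration, then a wave of outbound mail from the same account) can be hunted for by correlating those three event types. The sketch below is an added example, not code from Microsoft or from the original article; the event schema, field names, thresholds and sample records are all constructed for illustration and do not match any real Azure AD or Exchange log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not a real Azure AD or Exchange log export).
EVENTS = [
    {"time": "2022-01-10T08:00:00", "type": "signin", "user": "alice@example.com", "mfa": True},
    {"time": "2022-01-10T08:05:00", "type": "device_registration", "user": "alice@example.com", "device": "LAPTOP-A1"},
    {"time": "2022-01-10T09:00:00", "type": "signin", "user": "bob@example.com", "mfa": False},
    {"time": "2022-01-10T09:10:00", "type": "device_registration", "user": "bob@example.com", "device": "DESKTOP-B7"},
    {"time": "2022-01-10T10:00:00", "type": "mail_sent", "user": "bob@example.com", "recipients": 300},
    {"time": "2022-01-10T10:30:00", "type": "mail_sent", "user": "bob@example.com", "recipients": 250},
    {"time": "2022-01-10T11:00:00", "type": "signin", "user": "carol@example.com", "mfa": False},
    {"time": "2022-01-10T11:20:00", "type": "device_registration", "user": "carol@example.com", "device": "DESKTOP-C3"},
]

def find_suspicious_registrations(events, window=timedelta(hours=24), mail_threshold=100):
    """Flag device registrations whose most recent prior sign-in lacked MFA.

    Severity is "high" when the same account then mails at least
    mail_threshold recipients inside the window, otherwise "medium".
    """
    events = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] != "device_registration":
            continue
        reg_time = datetime.fromisoformat(ev["time"])
        # Sign-ins by this user inside the look-back window, oldest first.
        signins = [e for e in events[:i]
                   if e["type"] == "signin" and e["user"] == ev["user"]
                   and reg_time - datetime.fromisoformat(e["time"]) <= window]
        if signins and signins[-1]["mfa"]:
            continue  # registration followed an MFA-backed sign-in
        # Recipients mailed by the same account after the registration.
        recipients = sum(e["recipients"] for e in events[i + 1:]
                         if e["type"] == "mail_sent" and e["user"] == ev["user"]
                         and datetime.fromisoformat(e["time"]) - reg_time <= window)
        findings.append({
            "user": ev["user"],
            "device": ev["device"],
            "recipients_after": recipients,
            "severity": "high" if recipients >= mail_threshold else "medium",
        })
    return findings

if __name__ == "__main__":
    for finding in find_suspicious_registrations(EVENTS):
        print(finding)
```

A registration with no sign-in record at all inside the window is also flagged, since the absence of an MFA-backed session is the condition of interest.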