Microsoft has shared insights about a new phishing campaign that employs a unique strategy to launch and spread infections. As observed, the technique registers the attacker’s device with the victim network to spread further by evading MFA.
Unique Phishing Strategy Registers Attacker’s Device To Victim Network
Elaborating on the details in a blog post, researchers from the Microsoft 365 Defender Threat Intelligence Team shared how the new phishing attack registers an attacker’s device to spread infections via the victim network in phases. This technique proves particularly successful against victims lacking multi-factor authentication (MFA).
Describing the reason behind this, Microsoft stated,
“Without additional protective measures such as MFA, the attack takes advantage of the concept of bring-your-own-device (BYOD) via the ability to register a device using freshly stolen credentials.”
That is what the attackers exploit in this campaign, which has two phases. First, the attackers steal credentials from the target organization’s network. Attackers targeted organizations in Australia, Indonesia, Singapore, and Thailand.
Once the credentials are stolen, the attackers run the second phase by registering one of their devices to the target network. This move allows the attackers to spread on the network without attracting attention.
According to Microsoft, having MFA enabled was sufficient for networks to prevent this attack. That’s because the attackers couldn’t use stolen credentials to register their devices. However, the networks lacking MFA protection allowed the attack to progress.
To steal credentials, the attackers use traditional phishing techniques: tricking users via legitimate-looking emails and redirecting them to fake phishing pages. Here, the attackers designed the phishing web pages as Office 365 login pages to deceive victims.
To prevent such attacks, Microsoft urges organizations to enable MFA protection for their accounts. Also, resetting stolen or old passwords can help avoid such phishing threats.
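As an added example (not from Microsoft’s report or this article), the Python code below shows one way a defender could look for the pattern described above: a device registration shortly after a sign-in by the same user that did not use MFA. The event schema, field names, and sample records are constructed for illustration and do not match any real log export.

```python
from datetime import datetime, timedelta

# Constructed events in a simplified, hypothetical schema (not the field
# names of any real Microsoft 365 / Azure AD log export).
EVENTS = [
    {"time": "2022-01-10T08:00:00", "user": "alice", "type": "signin",
     "mfa": True, "ip": "203.0.113.5"},
    {"time": "2022-01-10T08:05:00", "user": "alice",
     "type": "device_registered", "device": "ALICE-LAPTOP"},
    {"time": "2022-01-11T02:10:00", "user": "bob", "type": "signin",
     "mfa": False, "ip": "198.51.100.77"},
    {"time": "2022-01-11T02:14:00", "user": "bob",
     "type": "device_registered", "device": "DESKTOP-X1"},
    {"time": "2022-01-12T09:00:00", "user": "carol", "type": "signin",
     "mfa": False, "ip": "192.0.2.9"},
    {"time": "2022-01-12T15:00:00", "user": "carol",
     "type": "device_registered", "device": "CAROL-PHONE"},
]


def flag_registrations(events, window=timedelta(hours=1)):
    """Return device registrations that follow, within `window`, a sign-in
    by the same user that was completed without MFA."""
    last_signin = {}  # user -> (time, mfa_used, ip) of the latest sign-in
    flagged = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["type"] == "signin":
            last_signin[ev["user"]] = (when, ev["mfa"], ev["ip"])
        elif ev["type"] == "device_registered":
            prior = last_signin.get(ev["user"])
            if prior is None or when - prior[0] > window:
                continue  # no recent sign-in to correlate with
            signin_time, mfa_used, ip = prior
            if not mfa_used:
                delay = int((when - signin_time).total_seconds() // 60)
                flagged.append({"user": ev["user"], "device": ev["device"],
                                "signin_ip": ip,
                                "minutes_after_signin": delay})
    return flagged


if __name__ == "__main__":
    for hit in flag_registrations(EVENTS):
        print(hit)
```

Widening `window` trades fewer misses for more review work: with a 12-hour window the constructed `carol` registration is flagged as well.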