Initially, Mitiga was unsure how the new authenticator was created. While Microsoft's security measures worked as designed, the attackers uncovered a way to circumvent them. However, Ofer Maor, chief technology officer and co-founder of Mitiga, told TechTarget Editorial that to pull off high-end BEC, attackers require a way to keep M365 access for weeks.
Normally, a session will be invalidated after a few days, requiring users to do MFA again. The second authenticator was set up without alerting the user. While many steps aligned with previously observed tactics, there was one new aspect of the attack that led the vendor to question how Microsoft's MFA works by design.įollowing an adversary-in-the-middle (AiTM) phishing technique to gain initial access, attackers were able to add a new authenticator on the compromised account that allowed them to maintain extended access. During the incident response, Mitiga discovered unauthorized access to the Microsoft 365 (M365) user of an executive in the organization. In a blog post Wednesday, cloud incident response vendor Mitiga detailed an investigation it did into an attempted business email compromise (BEC) attack on a multimillion-dollar transaction.
0 kommentar(er)
