Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft Warns that Business Email Compromise Attacks Can Hijack Accounts in Hours

Microsoft has warned that threat actors are increasingly using business email compromise campaigns to target enterprise customers. The company has found that it could be challenging for the victims to identify and mitigate the attacks on time.

Business email compromise (BEC) is a type of cyberattack that lets hackers use phishing emails to request payments or gain access to sensitive information. The threat actor impersonates a trusted individual (like an executive or customer) to convince the target to take a specific action. The FBI 2021 Internet Crime Report revealed that BEC attacks increased by 65 percent from July 2019 to December 2021.

Microsoft explained that the attacker used a phishing technique called adversary-in-the-middle (AiTM) to get the session cookie and bypass multi-factor authentication (MFA). They signed in to the target account and spent two hours searching for email threads to hijack. The next step involves using homoglyph characters to register deceptive domains similar to the legitimate website.

The cybercriminals made a rule to move and hide emails in a different folder. They also emailed the business partner and asked them to send money to an account they owned. After that, the threat actors deleted the email so the compromised user wouldn’t notice. Microsoft says that its Microsoft 365 Defender alerted about the BEC attacks around 20 minutes after the email was deleted from the mailbox. The solution disabled the compromised account to mitigate the cyberattack.

Microsoft Warns that Business Email Compromise Attacks Can Hijack Accounts in Hours — Timeline of the BEC campaign

Microsoft 365 Defender disrupted 38 BEC attacks

Microsoft highlighted that the tool uses AI-based detection capabilities to mitigate 38 BEC attacks targeting 38 enterprise customers. “In our testing and evaluation of BEC detections and actions in customer environments faced with real-world attack scenarios, dozens of organizations were better protected when accounts were automatically disabled by Microsoft 365 Defender,” Microsoft explained.

If you’re interested, you can learn more about the BEC attack disruption capabilities available in Microsoft 365 Defender in our previous post.

by Rabia Noureen
Mar 10, 2023

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Five Tactics Towards Achieving Zero Trust with Azure Active Directory

Aug 29, 2023
Feb 01, 2024
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.