Microsoft Issues Warning About Multi-Phase Phishing Attacks Targeted At Azure AD
Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, and they indicate that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA).
As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two or more verification methods to validate a user’s identity, rather than relying on the traditional username-password combination. The goal of MFA is to offer an additional layer of security that prevents unauthorized access to sensitive information and decreases the chances of successful cyberattacks, identity theft, and data breaches.
Multi-factor authentication (MFA) helps to block second-stage phishing attacks
Microsoft explained that the attackers use stolen credentials to register devices onto the corporate network in order to distribute phishing emails. The threat actors used this “evolved phishing” technique to target exploited instances in two phases. The first phishing attack involved stealing credentials in order to gain account privileges on the target’s network. The first stage focused primarily on organizations in Singapore, Thailand, Australia, and Indonesia.
In the second phase, the attackers used the hacked account to send DocuSign-themed phishing emails urging recipients to sign documents. The investigations revealed that the multi-stage phishing campaign leveraged Azure Active Directory (Azure AD) and Microsoft Intune to compromise the network.
“While multiple users within various organizations were compromised in the first wave, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack’s propagation heavily relied on a lack of MFA protocols. Enabling MFA for Office 365 applications or while registering new devices could have disrupted the second stage of the attack chain,” the company explained.
Microsoft has expressed deep concerns over the low adoption of “strong identity authentication” solutions in enterprise environments. The company advises that organizations should use multi-factor authentication for protection against phishing attempts. It also recommends deploying endpoint protection solutions, which can help detect unmanaged devices accessing an organizational network.