Microsoft Issues Warning About Multi-Phase Phishing Attacks Targeted At Azure AD
Microsoft has warned users about a new multi-phase campaign targeting enterprise customers. The Microsoft 365 Defender Threat Intelligence Team detailed its findings on its Security blog, which indicates that these phishing attacks mainly target organizations that haven’t enabled multi-factor authentication (MFA).
As the name suggests, multi-factor authentication (MFA) is an authentication technique that requires two or more verification methods to validate a user’s identity, rather than relying on the traditional username-password combination. The goal of MFA is to offer an additional layer of security that prevents unauthorized access to sensitive information and decreases the chances of successful cyberattacks, identity theft, and data breaches.
Multi-factor authentication (MFA) helps to block second-stage phishing attacks
Microsoft explained that the attackers use stolen credentials to register devices onto the corporate network in order to distribute phishing emails. The threat actors used this “evolved phishing” technique to target exploited instances in two phases. The first phishing attack involved stealing credentials in order to gain account privileges on the target’s network. The first stage focused primarily on organizations in Singapore, Thailand, Australia, and Indonesia.
In the second phase, the attackers used the hacked account to send DocuSign-themed phishing emails urging recipients to sign documents. The investigations revealed that the multi-stage phishing campaign leveraged Azure Active Directory (Azure AD) and Microsoft Intune to compromise the network.
“While multiple users within various organizations were compromised in the first wave, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack’s propagation heavily relied on a lack of MFA protocols. Enabling MFA for Office 365 applications or while registering new devices could have disrupted the second stage of the attack chain,” the company explained.
Microsoft has expressed deep concerns over the low adoption of “strong identity authentication” solutions in enterprise environments. The company advises that organizations should use multi-factor authentication for protection against phishing attempts. It also recommends deploying endpoint protection solutions, which can help detect unmanaged devices accessing an organizational network.
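As an added illustration (not taken from Microsoft's report), the check below flags device registrations that were not preceded by an MFA-satisfied sign-in, which is the gap the second stage of this campaign relied on. The event records, field names and the one-hour window are constructed assumptions in a simplified schema, not the actual Azure AD log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not the real Azure AD log export format).
SIGN_INS = [
    {"user": "alice@example.com", "time": "2022-01-10T08:00:00", "mfa": True},
    {"user": "bob@example.com", "time": "2022-01-10T09:00:00", "mfa": False},
    {"user": "carol@example.com", "time": "2022-01-10T07:00:00", "mfa": False},
]
DEVICE_REGISTRATIONS = [
    {"user": "alice@example.com", "time": "2022-01-10T08:05:00", "device": "LAPTOP-A1"},
    {"user": "bob@example.com", "time": "2022-01-10T09:10:00", "device": "DESKTOP-X9"},
    {"user": "carol@example.com", "time": "2022-01-10T11:30:00", "device": "PHONE-C3"},
]


def _ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)


def registrations_without_mfa(sign_ins, registrations, window=timedelta(hours=1)):
    """Return registrations whose most recent preceding sign-in within
    `window` did not satisfy MFA, or that have no sign-in in the window."""
    flagged = []
    for reg in registrations:
        reg_time = _ts(reg["time"])
        prior = [s for s in sign_ins
                 if s["user"] == reg["user"]
                 and timedelta(0) <= reg_time - _ts(s["time"]) <= window]
        latest = max(prior, key=lambda s: _ts(s["time"]), default=None)
        if latest is None:
            flagged.append({**reg, "reason": "no sign-in in window"})
        elif not latest["mfa"]:
            flagged.append({**reg, "reason": "single-factor sign-in"})
    return flagged


if __name__ == "__main__":
    for hit in registrations_without_mfa(SIGN_INS, DEVICE_REGISTRATIONS):
        print(hit["user"], hit["device"], hit["reason"])
```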