Cyber criminals have targeted Microsoft 365 Business users in an attempt to maliciously divert business payments. Research has found a recent email campaign in which fraudsters attempt to exploit weaknesses in the multi-factor authentication system, Microsoft Authenticator and Microsoft 365 Identity Protection.
The campaign is said to hijack users' email addresses through phishing emails that masquerade as coming from a reputable source, DocuSign. Users are prompted to 'Review Document' and are then prompted to enter their Microsoft Azure password; cookies within the webpage are used to take the login and MFA details. From there the attacker is able to set up a second Authenticator app and gain access without the user even realising.
The email and webpage look authentic to the user and are difficult to spot, even evading email filtering systems.
Once the criminals have access to emails, they take over business payments by sending emails from an imitator email address telling clients that bank details have changed. The recipient is led to believe that the usual bank details have been frozen and updates them to the new bank details belonging to the cyber criminals, which in turn causes the recipient to pay the attacker.
The attacker can remain ‘dormant’ for some time before attacking, waiting for a potential business deal to arise and watching emails.
Microsoft, in response to this malicious email campaign, has advised users to set up another ‘layer of defense’:
“We strongly recommend setting up another layer of defense, in the form of a third factor, tied to a physical device or to the employee’s authorized laptop and phone.”
“Microsoft 365 offers this as part of Conditional Access by adding a requirement to authenticate via an enrolled and compliant device only, which would completely prevent [these] attacks.” – Microsoft
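The Conditional Access requirement Microsoft describes can be checked and configured with the Microsoft Graph PowerShell SDK. The following is an added example, not code from Microsoft or from the original article; the policy name and the excluded account ID are placeholders, and the new policy is created in report-only mode so its effect can be reviewed before enforcement.

```powershell
# Added example. Requires the Microsoft.Graph.Identity.SignIns module.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# 1. Audit: enabled policies that MFA alone satisfies, i.e. they do not also
#    demand a compliant device with operator AND. These are the policies a
#    stolen login plus MFA session, as described above, would still pass.
$mfaOnly = Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
    $_.State -eq 'enabled' -and
    $_.GrantControls.BuiltInControls -contains 'mfa' -and
    -not ($_.GrantControls.Operator -eq 'AND' -and
          $_.GrantControls.BuiltInControls -contains 'compliantDevice')
}
$mfaOnly | Select-Object DisplayName, Id,
    @{ n = 'Controls'; e = { $_.GrantControls.BuiltInControls -join ',' } },
    @{ n = 'Operator'; e = { $_.GrantControls.Operator } }

# 2. Corrected form: MFA AND an enrolled, compliant device.
#    Weak variant for comparison: builtInControls = @('mfa') on its own, or
#    operator = 'OR', both of which let MFA by itself grant access.
$policy = @{
    displayName = 'EXAMPLE - Require MFA and compliant device'   # placeholder name
    state       = 'enabledForReportingButNotEnforced'            # report-only
    conditions  = @{
        users = @{
            includeUsers = @('All')
            # Placeholder: object ID of an emergency-access account.
            excludeUsers = @('<emergency-access-account-object-id>')
        }
        applications   = @{ includeApplications = @('All') }
        clientAppTypes = @('all')
    }
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('mfa', 'compliantDevice')
    }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object DisplayName, Id, State
```

Switch `state` to `enabled` only after the report-only results show that the devices staff actually use are enrolled and marked compliant.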
Cyber threats continue to grow, becoming increasingly complex and severe. Attacks on small and large organisations are increasingly common. At Tecnica we deliver a range of secure IT Services and Solutions. As a Microsoft Gold Partner we are the trusted provider to ensure your Microsoft Services are secure. To discover more about how Tecnica could secure your organisation and prevent it being targeted by cyber criminals, visit: IT Security – Scotland, Fife, Edinburgh, Glasgow, Aberdeen, Perth (tecnica-ltd.co.uk)