Sunday, 24 January, 2021
IT Security Guru
Cybersecurity Experts Comment on Phishing Campaign That Can Bypass MFA

Discovered by Cofense, it is the latest of cybercriminals' tricks to harvest user credentials

by Sabina
May 22, 2020
in Hacking

The Cofense Phishing Defense Center has discovered the latest of cybercriminals’ tricks: a phishing campaign that bypasses MFA. Unlike other credential-harvesting attacks, the scam does not steal the password at all; it tricks users into granting permissions to a malicious application, which then proceeds with that delegated access and so sidesteps multifactor authentication.

Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign’s main goal is to steal user information to be used as leverage to extort a Bitcoin ransom.
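Because the user legitimately completes MFA and then consents to the app, the password and sign-in logs look clean; the signal defenders have is the consent grant itself. The script below is an added example, not part of the article or Cofense's research: it scores constructed consent-grant audit records (a hypothetical format, not any vendor's real schema) by the data scopes granted, whether the app keeps a refresh token, and whether the publisher is verified, then groups the hits by app so one malicious app consented to by several users shows up as a single campaign.

```python
from collections import defaultdict

# Delegated scopes that hand an app the data this campaign targets (mail,
# contacts, files). Constructed list for this example, not from the article.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Contacts.Read",
    "Files.Read.All", "Files.ReadWrite.All",
}
# A refresh token lets the app keep access long after the MFA'd session ends.
PERSISTENT_SCOPES = {"offline_access"}

# Constructed consent-grant records in a hypothetical audit format.
# Each record is one user approving one app's permission prompt.
SAMPLE_EVENTS = [
    {"user": "alice@example.com", "app_id": "app-0001", "app_name": "Corporate Docs",
     "publisher_verified": False,
     "scopes": ["openid", "profile", "Mail.Read", "Files.Read.All", "offline_access"]},
    {"user": "bob@example.com", "app_id": "app-0002", "app_name": "Calendar Sync",
     "publisher_verified": True, "scopes": ["openid", "Calendars.Read"]},
    {"user": "carol@example.com", "app_id": "app-0001", "app_name": "Corporate Docs",
     "publisher_verified": False, "scopes": ["openid", "Mail.Read", "offline_access"]},
]

def score_grant(event):
    """Return (score, reasons) for one consent grant; higher means riskier."""
    scopes = set(event["scopes"])
    score, reasons = 0, []
    for s in sorted(scopes & HIGH_RISK_SCOPES):
        score += 2
        reasons.append(f"data scope {s}")
    if scopes & PERSISTENT_SCOPES:
        score += 2
        reasons.append("offline_access keeps a refresh token after the session")
    if not event["publisher_verified"]:
        score += 1
        reasons.append("unverified publisher")
    return score, reasons

def flag_grants(events, threshold=3):
    """Return grants scoring at or above threshold, grouped by app_id."""
    by_app = defaultdict(list)
    for e in events:
        score, reasons = score_grant(e)
        if score >= threshold:
            by_app[e["app_id"]].append({"user": e["user"], "score": score, "reasons": reasons})
    return dict(by_app)

if __name__ == "__main__":
    for app_id, hits in flag_grants(SAMPLE_EVENTS).items():
        print(app_id, [(h["user"], h["score"]) for h in hits])
```

A grant that scores high is a candidate for revoking the app's consent and its refresh tokens, which is the containment step a password reset alone does not achieve here.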

Here’s cybersecurity experts’ advice and insight on this sophisticated scam:

Daniel Conrad, field strategist at One Identity

This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site. When the user authenticates to O365 it grants this site access to the user's data. It goes beyond the simple gaining of a user’s password and possibly moving laterally or elevating privilege. From an attacker’s perspective, this type of effort would be used for specific targets (aka “whaling”), where they would attempt to get specific account information from specific, high-level users. It’s a bit like a man-in-the-middle but for O365. Once authenticated, they would have access to anything stored on the O365 platform such as corporate email, contacts, OneDrive, etc., which they can take and hold for ransom or use maliciously.

As organisations train users on phishing and who is after their identities, attackers are learning as well.  This attack underlines the importance of separating privileged credentials from standard user credentials.  Any account with elevated permissions should not be “phishable”.

Tarik Saleh, senior security engineer and malware researcher at DomainTools

This kind of attack is definitely concerning, but not surprising. Cybercriminals are constantly looking for new and inventive ways to get around the increasingly complex defences deployed by enterprises, and by moderating a traditional phishing scam – hugely successful in their own right – to bypass multi-factor authentication, they have provided themselves with a template for cybercrime success.

The advice for organizations and employees is to remain vigilant to this new kind of threat, and to deploy training as regularly as possible to make sure individuals remain aware. Phishing is at its core an attack on people, and people remain the best defence against it, in addition to ensuring proper processes remain in place.

Jamie Akhtar, CEO and Co-Founder of CyberSmart

These scams are getting increasingly sophisticated in the ways that they masquerade as legitimate sources and while anti-phishing software can help stop many of them, others will always get through. The greatest defence when it comes to phishing threats is educating yourself and your employees on how to spot the signs of an attack.

People need to be on the lookout for spelling and grammatical errors, overpromising and eager messaging, pop-ups and urgent deadlines or calls to action. They should also look carefully at who the email is from. Phishing attempts often use the name of someone they know (a colleague or friend, for example) but with the wrong domain address. If the email contains a link, you should verify its SSL credentials and never give out personal information on a site that does not have a valid SSL certificate. If an employee or business realises they have been breached, they should immediately take action by changing their personal password and alerting employees in the rest of the company.

One of the aspects of phishing that makes it so tricky to defend against is that attackers are constantly adapting the tactics they are using to lure people in. Taking time to educate yourself and others on a regular basis on current phishing threats, is an important part of avoiding these attacks.

David Kennefick, product architect at edgescan

This is an advanced attack and some nice thinking outside the box from an attacker perspective.

So many organisations are reliant on supporting SSO solutions because of the simplicity. This attack vector is feeding off that. The reality is we are moving into a world where there are people who have known nothing other than SSO.

They use FB, Google and other technologies to manage all of their social, and from a work perspective they rely on corporate controls such as O365, Okta, Duo etc. to handle all of the authentication in their working lives, all utilising technologies such as OAuth & SAML.

The main way to address this is to provide awareness to the folks who have accounts with permission that will allow this type of authorisation to happen. Stick with the minimum privileges rule and that will help, require double sign-off of hyper sensitive assets and their access. Train people that this is an attack vector and teach them how this will be used against them.

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic