International Cyber Expo International Cyber Expo
  • About Us
Thursday, 16 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cybersecurity Experts Comment on Phishing Campaign That Can Bypass MFA

DIscovered by Cofence, it is yet the latest of cybercriminals' tricks to harvest user credentials

by The Gurus
May 22, 2020
in Hacking
Phishing username and password
Share on FacebookShare on Twitter

Cofence Phishing Defence Center have discovered yet the latest of cybercriminals’ tricks: a phishing campaign that bypasses MFA. Different from other credential harvesting attacks, the scam attempts to trick users into granting permissions to an application that then proceeds to bypass multifactor authentication.

Leveraging the OAuth2 framework and OpenID Connect protocol, this campaign’s main goal is to steal user information to be used as leverage to extort a Bitcoin ransom.

Here’s cybersecurity experts’ advice and insight on this sophisticated scam:

Daniel Conrad, field strategist at One Identity

This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site.  When the user authenticates to O365 it grants this site access to the users data. It goes beyond the simple gaining of a user’s password and possibly moving laterally or elevating privilege.  From an attacker’s perspective, this type of effort would be used for specific targets (aka “whaling”), where they would attempt to get specific account information from specific, high-level users.  It’s a bit like a man-in-the-middle but for O365.  Once authenticated, they would have access to anything stored on the O365 platform such as corporate email, contacts, OneDrive, etc., which they can take and hold for ransom or use maliciously.

As organisations train users on phishing and who is after their identities, attackers are learning as well.  This attack underlines the importance of separating privileged credentials from standard user credentials.  Any account with elevated permissions should not be “phishable”.

Tarik Saleh, senior security engineer and malware researcher at DomainTools

This kind of attack is definitely concerning, but not surprising. Cybercriminals are constantly looking for new and inventive ways to get around the increasingly complex defences deployed by enterprises, and by moderating a traditional phishing scam – hugely successful in their own right – to bypass multi-factor authentication, they have provided themselves with a template for cybercrime success.

The advice for organizations and employees is to remain vigilant to this new kind of threat, and to deploy training as regularly as possible to make sure individuals remain aware. Phishing is at its core an attack on people, and people remain the best defence against it, in addition to ensuring proper processes remain in place.

Jamie Akhtar, CEO and Co-Founder of CyberSmart

These scams are getting increasingly sophisticated in the ways that they masquerade as legitimate sources and while anti-phishing software can help stop many of them, others will always get through. The greatest defence when it comes to phishing threats is educating yourself and your employees on how to spot the signs of an attack.

People need to be on the lookout for spelling and grammatical errors, overpromising and eager messaging, pop-ups and urgent deadlines or calls to action. They should also look carefully at who the email is from. Phishing attempts often use the name of someone they know (a colleague or friend, for example) but with the wrong domain address. If the email contains a link, you should verify its SSL credentials and never give out personal information on a site that does not have a valid SSL certificate. If an employee or business realises they have been breached, they should immediately take action by changing their personal password and alerting employees in the rest of the company.

One of the aspects of phishing that makes it so tricky to defend against is that attackers are constantly adapting the tactics they are using to lure people in. Taking time to educate yourself and others on a regular basis on current phishing threats, is an important part of avoiding these attacks.

David Kennefick, product architect at edgescan

This is an advanced attack and some nice thinking outside the box from an attacker perspective.

So many organisation are reliant on supporting SSO solutions because of the simplicity. This attack vector is feeding off that. The reality is we are moving into a world where there are people who have known nothing other than SSO.

They use FB, Google and other technologies to manage all of their social, and from a work perspective the reply on corporate controls such as O365, Okta, Duo etc to handle all of the authentication in their working lives, all utilising technologies such as OAuth & SAML.

The main way to address this is to provide awareness to the folks who have accounts with permission that will allow this type of authorisation to happen. Stick with the minimum privileges rule and that will help, require double sign-off of hyper sensitive assets and their access. Train people that this is an attack vector and teach them how this will be used against them.

 

 

 

ShareTweet
Previous Post

Securing Docker with CIS Controls

Next Post

Stealthy Malware Steals Your Discord Password And Attacks Your Friends

Recent News

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026
Lidl Confirms Data Breach After Third-Party IT Provider Hack

Lidl Confirms Data Breach After Third-Party IT Provider Hack

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol