Security Affairs reported on a Microsoft analysis of a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled MFA.
– The landing pages used in this campaign were designed to target the Office 365 authentication process by posing as the Office online authentication page. Microsoft researchers noticed that the operators behind this campaign used the Evilginx2 phishing kit as their AiTM infrastructure.
– Microsoft recommends that organizations adopt “phish-resistant” MFA implementations by using solutions that support Fast ID Online (FIDO) v2.0 and certificate-based authentication.
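Why FIDO2 holds up against the AiTM relay described above while a typed one-time code does not, as an added example that is not taken from Microsoft's analysis or the article. The origins, key and function names are constructed for illustration, and HMAC stands in for the asymmetric signature a real authenticator produces.

```python
import hashlib
import hmac
import json
import secrets

RP_ORIGIN = "https://login.example.com"            # constructed legitimate origin
PHISH_ORIGIN = "https://login.example-phish.test"  # constructed AiTM proxy origin
DEVICE_KEY = secrets.token_bytes(32)  # stand-in for the authenticator's credential key

def browser_sign(challenge: str, origin: str) -> dict:
    """Browser + authenticator: the browser, not the page, fills in the origin."""
    client_data = json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True)
    # Assumption: HMAC replaces the public-key signature used by real FIDO2 devices.
    sig = hmac.new(DEVICE_KEY, client_data.encode(), hashlib.sha256).hexdigest()
    return {"client_data": client_data, "signature": sig}

def rp_verify_fido(assertion: dict, challenge: str) -> bool:
    """Relying party: the signature, the challenge and the origin must all match."""
    expected = hmac.new(DEVICE_KEY, assertion["client_data"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False  # client data was altered after signing
    data = json.loads(assertion["client_data"])
    return data["challenge"] == challenge and data["origin"] == RP_ORIGIN

def rp_verify_otp(code: str, expected_code: str) -> bool:
    """OTP check: the code says nothing about the site it was typed into."""
    return hmac.compare_digest(code, expected_code)

def simulate(origin_seen_by_victim: str) -> dict:
    """One sign-in; a proxy in the middle forwards the challenge and code unchanged."""
    challenge = secrets.token_hex(16)          # issued by the relying party
    otp = f"{secrets.randbelow(10**6):06d}"    # code shown on the user's device
    typed = otp                                # user types it into whatever page they see
    assertion = browser_sign(challenge, origin_seen_by_victim)
    return {
        "otp_accepted": rp_verify_otp(typed, otp),
        "fido_accepted": rp_verify_fido(assertion, challenge),
    }

if __name__ == "__main__":
    print("direct sign-in:", simulate(RP_ORIGIN))
    print("via AiTM proxy:", simulate(PHISH_ORIGIN))
```

Because the origin is inside the signed data, a proxy that rewrites it to the legitimate origin invalidates the signature, so the relying party rejects the assertion either way.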
“Phishing is still the #1 attack vector with identities being their primary target. An identity is a pass key into an enterprise’s resources. Why hack the security components when the key to the front door is available? It can never be stated enough how much identities, especially ghost, legacy, stale accounts must be discovered and eliminated. It’s these stale accounts that allow hackers to stay resident.”