AiTM Phishing Campaign Targets +10,000 Orgs Since 2021 – Expert Comments

Security Affairs reported on a Microsoft analysis of a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled MFA.

– The landing pages used in this campaign were designed to target the Office 365 authentication process by posing as the Office online authentication page. Microsoft researchers noticed that the operators behind this campaign use the Evilginx2 phishing kit as their AiTM infrastructure.

– Microsoft recommends that organizations adopt “phish-resistant” MFA implementations by using solutions that support Fast ID Online (FIDO) v2.0 and certificate-based authentication.

Garret F. Grajek, CEO
InfoSec Expert
July 15, 2022 2:02 pm

“Phishing is still the #1 attack vector with identities being their primary target. An identity is a pass key into an enterprise’s resources. Why hack the security components when the key to the front door is available? It can never be stated enough how much identities, especially ghost, legacy, stale accounts must be discovered and eliminated. It’s these stale accounts that allow hackers to stay resident.”
