Expert Comments

Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials – Expert Reaction

Expert(s): Security Experts
Expert(s): Security Experts

Cofence has discovered an attack that bypasses MFA to nab Microsoft 365 credentials. Researchers at Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application, researcher Elmer Hernandez wrote in a blog post published Tuesday.

Experts Comments

May 21, 2020
Dan Conrad
Field Strategist
One Identity
This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site. When the user authenticates to O365 it grants this site access to the user's data. It goes beyond the simple gaining of a user’s password and possibly moving laterally or elevating privilege. From an attacker’s perspective, this type of effort would be used for specific targets (aka “whaling”), where they would attempt to get specific account information from specific, high-level users......Read More
This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site. When the user authenticates to O365 it grants this site access to the user's data. It goes beyond the simple gaining of a user’s password and possibly moving laterally or elevating privilege. From an attacker’s perspective, this type of effort would be used for specific targets (aka “whaling”), where they would attempt to get specific account information from specific, high-level users. It’s a bit like a man-in-the-middle, but for O365. Once authenticated, they would have access to anything stored on the O365 platform such as corporate email, contacts, OneDrive, etc., which they can take and hold for ransom or use maliciously. As organisations train users on phishing and who is after their identities, attackers are learning as well. This attack underlines the importance of separating privileged credentials from standard user credentials. Any account with elevated permissions should not be “phishable”.  Read Less
May 21, 2020
Niamh Muldoon
Senior Director of Trust and Security EMEA
OneLogin
Phishing is the mechanism for malicious attackers to gain access to organisation networks and/or systems and malicious attackers are moving away from traditional delivery mechanisms of phishing links such as email. This new type of attack demonstrates that multi-factor authentication alone is not enough to protect against increasingly sophisticated phishing attacks and now even traditional forms of 2 Factor Authentication using something you know, like a password, whilst having tokens or pins, .....Read More
Phishing is the mechanism for malicious attackers to gain access to organisation networks and/or systems and malicious attackers are moving away from traditional delivery mechanisms of phishing links such as email. This new type of attack demonstrates that multi-factor authentication alone is not enough to protect against increasingly sophisticated phishing attacks and now even traditional forms of 2 Factor Authentication using something you know, like a password, whilst having tokens or pins, like an SMS and One-time-password, are at risk. Multi-factor authentication using the something you are component (biometrics) reduces this risk. Leaders Digital Identity space are using AI to model user behaviours for access to systems and data, if a user’s risk profile changes then so do does their authentication mechanism along with ability to execute privileges, this makes it more complex and difficult for malicious attackers to be successful in gaining access.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT

You may also like

Booz Allen Report On CISOs And China Quantum Computing Risks,...

Experts Reactions On Sky Broadband Hack Warning

Ransomware Set To Break Records This Black Friday 2021

The Changing Face Of The COO Role

Security Expert On Apple Suing NSO Group

Meta Delays Plans To Rollout End-to-end Encryption

NCSC Issues Black Friday Warning To Tetailers

How The Zelle Fraud Scam Steals Your Bank Credentials

GoDaddy Data Breach Impacts Over A Million Users, Experts Reactions

Utah Imaging Data Breach – Expert Comments

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts