How To Protect Against Phishing Attacks Bypassing 2FA

By   ISBuzz Team
Writer , Information Security Buzz | Jul 14, 2022 05:45 am PST

According to a recent post from Microsoft, a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against other targets. Based on our threat data, the AiTM phishing campaign attempted to target more than 10,000 organizations since September 2021.