According IT Pro, a new business email compromise (BEC) campaign has been targeting Microsoft 365 organizations in a bid to hack corporate executives’ accounts and maliciously divert business payments. Researchers from cyber security firm Mitiga found that the hackers are leveraging inherent weaknesses in 365’s multi-factor authentication (MFA), Microsoft Authenticator, as well as Microsoft 365 Identity Protection. The attacks combine spear-phishing tactics with man-in-the-middle methods to compromise email accounts. The attackers essentially hijack business transactions by sending an email from the account to its intended recipient with a request to change the receiving bank account, according to Mitiga research. These emails trick the recipient into believing that the usual payment account has been frozen and convincing them to use alternative accounts belonging the threat actor. The attacker will also hijack email chains with forged ‘typo squatting’ domains that appear genuine at first glance due to stealthy character changes. Mitiga’s researchers discovered the campaign when investigating a failed attack, which indicated that the attacker had access to sensitive information only obtainable by compromising a user’s account.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
