According IT Pro, a new business email compromise (BEC) campaign has been targeting Microsoft 365 organizations in a bid to hack corporate executives’ accounts and maliciously divert business payments. Researchers from cyber security firm Mitiga found that the hackers are leveraging inherent weaknesses in 365’s multi-factor authentication (MFA), Microsoft Authenticator, as well as Microsoft 365 Identity Protection. The attacks combine spear-phishing tactics with man-in-the-middle methods to compromise email accounts. The attackers essentially hijack business transactions by sending an email from the account to its intended recipient with a request to change the receiving bank account, according to Mitiga research. These emails trick the recipient into believing that the usual payment account has been frozen and convincing them to use alternative accounts belonging the threat actor. The attacker will also hijack email chains with forged ‘typo squatting’ domains that appear genuine at first glance due to stealthy character changes. Mitiga’s researchers discovered the campaign when investigating a failed attack, which indicated that the attacker had access to sensitive information only obtainable by compromising a user’s account.
DocuSign is one of the most impersonated brands when it comes to phishing emails and fake login forms are a scammer’s favourite. When created well and sent in a timely fashion that fits with a victim’s narrative it can be a recipe for disaster if payment details are compromised. Combining spear phishing with man-in-the-middle methods generate more victims and unfortunately damage businesses. This now forces staff to use yet another layer of defence in form of a physical key such as a laptop or phone but this is what it takes to beat the persistency of today’s attackers.