A phishing and business email compromise (BEC) campaign that attempts to steal millions of dollars from victims is targeting Microsoft 365 accounts with attacks that can bypass multi-factor authentication (MFA).
Applying multi-factor authentication (MFA) is one of the best things that can be done to help secure user accounts from being compromised – but as with any other cybersecurity measure, malicious hackers are attempting to find ways to get around it.
An example of this has been detailed by cybersecurity researchers at Mitiga, who uncovered a campaign combining phishing with attacker-in-the-middle (AiTM) attacks to circumvent MFA.
The attacks target the cloud-based Office 365 accounts of executives – mainly CEOs and CFOs – so that the attackers can slide into ongoing, legitimate email conversations about business deals and send fraudulent emails requesting that financial transfers be made.
The attackers change the bank details so that they receive the payment if the transfer is approved.
Researchers say the attackers behind this campaign are attempting to steal millions of dollars in each transaction.
Full article on https://www.zdnet.com/article/hackers-are-attempting-to-steal-millions-of-dollars-from-businesses-by-bypassing-multi-factor-authentication/