Microsoft have uncovered a large-scale, multi-phase phishing campaign that succeeds against victims whose accounts lack multifactor authentication (MFA).

Phishing remains the dominant means by which attackers gain initial entry into enterprises. The potential attack surface is broadened further by the growing number of employees who work from home, which blurs the boundary between internal and external corporate networks.
While multiple users within various organisations were compromised in the first phase, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack’s escalation heavily relied on a lack of MFA measures.

Screenshot: phishing page with the username prepopulated

The vast majority of organisations had MFA enabled and were therefore protected from the attackers' attempts to propagate the attack and expand their network foothold. Those that have not enabled MFA, however, leave themselves exposed to potential future attack waves.

Read the full article by Microsoft.