Phishing attacks often rely on the simplest methods to trick people. However, like other forms of cybercrime, threat actors must constantly evolve their techniques. Once a phishing scheme is understood, it is harder to keep using the same attack method. A report from Microsoft 365 Defender Threat Intelligence Team shows what the latest evolution of phishing looks like.
In a Microsoft Security blog post, the team discusses a phishing campaign that functions across multiple phases. It is a new kind of attack process that seeks to lock a gadget controlled by the threat actor into a network.
Once inside, the payload can expand quickly through the attackers target pool. Microsoft explains how the attack begins:
“The first campaign phase involved stealing credentials in target organizations located predominantly in Australia, Singapore, Indonesia, and Thailand,” Microsoft says. “Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam.”
Importance of MFA
One of the reasons Microsoft is disclosing this information is to point out the importance of multifactor authentication (MFA). Microsoft has been big on promoting MFA while stressing the need to move to passwordless security in recent years.
According to the company, phase two of the new phishing campaign can be prevented by using MFA. The company found organizations with MFA could combat attacks, while those without were at more risk of lateral spread. For those organizations, the price was theft of credentials and other data theft.
Microsoft uses an example where the threat actor used the Outlook email platform to spread the attack. Once into an account by guessing a password, the attack targets the mailbox and slowly spreads the campaign.
Tip of the day: For the most part, Windows apps are stable, but they can still be still thrown out of whack by updates or configuration issues. Many boot their PC to find their Microsoft Store isn’t working or their Windows apps aren’t opening. Luckily Windows 11 and Windows 10 have an automatic repair feature for apps that can resolve such issues.