Microsoft Security Highlights Importance of MFA in Combatting New Phishing Attack Methods

Business Technology by Juliana Luwoye on January 27, 2022 add comment 284 views

Back in July, Microsoft acquired cloud security firm CloudKnox to bolster protection on the Microsoft Azure platform. This week, Microsoft is back to explain exactly how CloudKnox will work on Azure and how the service will function moving forward. Specifically, Microsoft says CloudKnox will continue to be available as a separate product for new and existing customers. For those who are using the service outside Azure, “sales, engineering, and service support” will now come from Microsoft. Pricing will also remain the same, says Alex Simons, corporate vice president for identity program management at Microsoft. Instead of lock down the service to Azure exclusivity, CloudKnox will continue as a multi-cloud security tool:

Phishing attacks often rely on the simplest methods to trick people. However, like other forms of cybercrime, threat actors must constantly evolve their techniques. Once a phishing scheme is understood, it is harder to keep using the same attack method. A report from Microsoft 365 Defender Threat Intelligence Team shows what the latest evolution of phishing looks like.

In a Microsoft Security blog post, the team discusses a phishing campaign that functions across multiple phases. It is a new kind of attack process that seeks to lock a gadget controlled by the threat actor into a network.

Once inside, the payload can expand quickly through the attackers target pool. Microsoft explains how the attack begins:

“The first campaign phase involved stealing credentials in target organizations located predominantly in Australia, Singapore, Indonesia, and Thailand,” Microsoft says. “Stolen credentials were then leveraged in the second phase, in which attackers used compromised accounts to expand their foothold within the organization via lateral phishing as well as beyond the network via outbound spam.”

Importance of MFA

One of the reasons Microsoft is disclosing this information is to point out the importance of multifactor authentication (MFA). Microsoft has been big on promoting MFA while stressing the need to move to passwordless security in recent years.

According to the company, phase two of the new phishing campaign can be prevented by using MFA. The company found organizations with MFA could combat attacks, while those without were at more risk of lateral spread. For those organizations, the price was theft of credentials and other data theft.

Microsoft uses an example where the threat actor used the Outlook email platform to spread the attack. Once into an account by guessing a password, the attack targets the mailbox and slowly spreads the campaign.

Tip of the day: For the most part, Windows apps are stable, but they can still be still thrown out of whack by updates or configuration issues. Many boot their PC to find their Microsoft Store isn’t working or their Windows apps aren’t opening. Luckily Windows 11 and Windows 10 have an automatic repair feature for apps that can resolve such issues.

Source Winbuzzer