![]() ![]() ![]() To do that, the user must only have the correct username and password, which means that an attacker who has that knowledge can access the account and set up MFA for it. When implementing MFA, most organizations and platforms allow users to enroll their first MFA device at the next login. Attackers take over dormant Microsoft accounts and set up MFAĭouglas Bienstock, an IR manager at Mandiant, shared last week a new tactic by APT29 (aka Cozy Bear, aka Nobelium) and other threat actors that involves taking advantage of the self-enrollment process for MFA in Azure Active Directory and other platforms. More recently, Mandiant and Mitiga researchers have documented different approaches that allow attackers to (mis)use Microsoft MFA to their advantage. We have already seen attacks involving SIM swapping, exploitation of vulnerabilities, rogue apps, legacy authentication protocols, MFA prompt bombing (aka MFA fatigue), stolen session cookies, and ( custom) phishing kits with MFA-bypassing capability. Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years.īut threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |