Forum Discussion
AshleyMartin
Microsoft
Jan 26, 2022New Blog Post | Evolved phishing: Device registration trick adds to phishers’ toolbox
We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful against victims that did not implement multifactor authentication (MFA), an essential pillar of identity security. Without additional protective measures such as MFA, the attack takes advantage of the concept of bring-your-own-device (BYOD) via the ability to register a device using freshly stolen credentials.
No RepliesBe the first to reply