Forum Discussion

AshleyMartin's avatar
AshleyMartin
Icon for Microsoft rankMicrosoft
Jan 26, 2022

New Blog Post | Evolved phishing: Device registration trick adds to phishers’ toolbox

Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA - Microsoft Security Blog

We have recently uncovered a large-scale, multi-phase campaign that adds a novel technique to traditional phishing tactics by joining an attacker-operated device to an organization’s network to further propagate the campaign. We observed that the second stage of the campaign was successful against victims that did not implement multifactor authentication (MFA), an essential pillar of identity security. Without additional protective measures such as MFA, the attack takes advantage of the concept of bring-your-own-device (BYOD) via the ability to register a device using freshly stolen credentials.

 

No RepliesBe the first to reply

Resources