This Microsoft phishing campaign can hack you, even if you have MFA

By Sead Fadilpašić
 3 days ago

Hackers are able to hijack Outlook email accounts even if they’re protected by multi-factor authentication, Microsoft has warned.

The company’s Threat Intelligence Center and its Microsoft 365 Defender Research Team have uncovered a new large-scale phishing campaign that targeted more than 10,000 businesses in the past year.

The compromised email accounts are later used for business email compromise (BEC) attacks, in which the victim’s business partners, clients and customers end up being defrauded of their money.

Stealing session cookies

The victim would receive a phishing email with a link to log into their Outlook account. That link, however, would lead them to a proxy site that looked identical to the legitimate one. The victim would try to log in, and the proxy site would let the login go through, relaying all of the traffic between the victim and the real service.

However, once the victim completed the authentication process, the attacker would steal the session cookie. Because that cookie proves the session is already authenticated, the user is not asked to log in again on every new page visit, and whoever holds the cookie gets the same access the user has.

"From our observation, after a compromised account signed into the phishing site for the first time, the attacker used the stolen session cookie to authenticate to Outlook online (outlook.office.com)," Microsoft’s blog post said. "In multiple cases, the cookies had an MFA claim, which means that even if the organization had an MFA policy, the attacker used the session cookie to gain access on behalf of the compromised account."
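The signal a defender can look for in the scenario above is a session that was issued to one address and then used from another shortly afterwards. The following is an added example, not code from Microsoft or from the article, that runs a simple session-reuse check over constructed sign-in events; the event fields (user, session, ip, time, mfa) and the one-hour window are assumptions chosen for the illustration, not a real log schema.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real telemetry). Each event records
# the account, the session identifier the service issued, the source IP,
# the time and whether the session carried an MFA claim.
SAMPLE_SIGNINS = [
    {"user": "alice@example.com", "session": "s-1001", "ip": "203.0.113.10",
     "time": "2022-07-12T08:00:00", "mfa": True},
    {"user": "alice@example.com", "session": "s-1001", "ip": "203.0.113.10",
     "time": "2022-07-12T08:20:00", "mfa": True},
    # Same session, minutes later, from an unrelated address: the shape of a
    # replayed cookie rather than a second legitimate login.
    {"user": "alice@example.com", "session": "s-1001", "ip": "198.51.100.77",
     "time": "2022-07-12T08:35:00", "mfa": True},
    {"user": "bob@example.com", "session": "s-2002", "ip": "192.0.2.5",
     "time": "2022-07-12T09:00:00", "mfa": True},
    # Bob's session shows up from a new address a day later: outside the
    # window, so it is treated as ordinary roaming rather than replay.
    {"user": "bob@example.com", "session": "s-2002", "ip": "192.0.2.99",
     "time": "2022-07-13T09:05:00", "mfa": True},
]


def parse_time(value):
    """Parse the constructed ISO-8601 timestamp used in the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")


def find_session_reuse(events, window=timedelta(hours=1)):
    """Return one alert per session that is used from a second IP within
    `window` of its last activity on a different IP.

    A session that carries an MFA claim but appears from another address is
    the stronger case: the service will not prompt for MFA again, because the
    cookie already says the prompt was satisfied."""
    by_session = {}
    for event in sorted(events, key=lambda e: parse_time(e["time"])):
        by_session.setdefault(event["session"], []).append(event)

    alerts = []
    for session, session_events in by_session.items():
        last_seen = {}  # ip -> most recent activity on this session
        for event in session_events:
            now = parse_time(event["time"])
            for other_ip, when in last_seen.items():
                if other_ip != event["ip"] and now - when <= window:
                    alerts.append({
                        "user": event["user"],
                        "session": session,
                        "from_ip": other_ip,
                        "to_ip": event["ip"],
                        "gap_minutes": (now - when).total_seconds() / 60,
                        "mfa_claim": event["mfa"],
                    })
                    break
            last_seen[event["ip"]] = now
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_SIGNINS):
        print(alert)
```

In a real deployment the session identifier would come from whatever token or correlation id the identity provider exposes in its sign-in logs, and the window and IP comparison would normally be widened to ASN or geolocation so that a mobile user changing networks does not trip the rule.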

After getting hold of the email account, the attackers would proceed to target the contacts in the inbox, using the stolen identities to try and trick them into sending payments of various sizes.

To make sure the original victim stayed oblivious to the fact that their email account was being abused, the attackers would set up inbox rules in the mailbox that marked their own messages as read and moved them to the archive immediately. According to Microsoft, the attackers would check the inbox every couple of days.

"On one occasion, the attacker conducted multiple fraud attempts simultaneously from the same compromised mailbox," Microsoft says. "Every time the attacker found a new fraud target, they updated the Inbox rule they created to include these new targets' organization domains."
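Inbox-rule changes like the ones described above leave an audit trail, and the combination of "mark as read" with a move to the archive, plus a rule that keeps gaining new sender domains, is what a defender would want to flag. The following is an added example, not code from Microsoft or from the article, that runs such a check over constructed audit records. The record shape (user, op, rule, params) is a simplified assumption modelled loosely on Exchange inbox-rule audit entries; the parameter names `MarkAsRead`, `MoveToFolder`, `DeleteMessage` and `FromAddressContainsWords` are real New-InboxRule parameters, but the records themselves are made up for the illustration.

```python
# Constructed audit records (not real log data). Each record is one
# inbox-rule creation or update, with the parameters the rule was given.
SAMPLE_AUDIT = [
    {"user": "alice@example.com", "op": "New-InboxRule", "rule": "Rule1",
     "params": {"MarkAsRead": True, "MoveToFolder": "Archive",
                "FromAddressContainsWords": ["partner-a.example"]}},
    # The same rule is later edited to cover a second sender domain.
    {"user": "alice@example.com", "op": "Set-InboxRule", "rule": "Rule1",
     "params": {"MarkAsRead": True, "MoveToFolder": "Archive",
                "FromAddressContainsWords": ["partner-a.example",
                                             "partner-b.example"]}},
    # A benign rule: files newsletters, does not hide them.
    {"user": "carol@example.com", "op": "New-InboxRule", "rule": "Newsletters",
     "params": {"MoveToFolder": "Newsletters",
                "FromAddressContainsWords": ["news.example"]}},
]

# Folders that a user rarely looks at, so a rule moving mail there (and
# marking it read) effectively hides the messages from them.
HIDING_FOLDERS = {"archive", "deleted items", "junk email",
                  "rss feeds", "conversation history"}


def is_hiding_rule(params):
    """True when a rule both marks mail as read and moves or deletes it,
    which is the pattern used to keep the mailbox owner from noticing."""
    marks_read = bool(params.get("MarkAsRead"))
    folder = str(params.get("MoveToFolder", "")).strip().lower()
    removes = folder in HIDING_FOLDERS or bool(params.get("DeleteMessage"))
    return marks_read and removes


def find_hiding_rules(records):
    """Return one finding per hiding-rule creation or update, together with
    the sender domains that were newly added to the rule by that change."""
    domains_per_rule = {}  # (user, rule name) -> domains seen on last change
    findings = []
    for record in records:
        params = record["params"]
        if not is_hiding_rule(params):
            continue
        key = (record["user"], record["rule"])
        domains = set(params.get("FromAddressContainsWords", []))
        previous = domains_per_rule.get(key, set())
        domains_per_rule[key] = domains
        findings.append({
            "user": record["user"],
            "rule": record["rule"],
            "op": record["op"],
            "folder": params.get("MoveToFolder"),
            "new_domains": sorted(domains - previous),
        })
    return findings


if __name__ == "__main__":
    for finding in find_hiding_rules(SAMPLE_AUDIT):
        print(finding)
```

The `new_domains` field is the interesting part for investigators: each update that widens a hiding rule to another organisation's domain is a candidate for a new fraud target, which is the behaviour Microsoft describes.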

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

