Clever Phishing Attack Bypasses MFA to Nab Microsoft Office 365 Credentials – Expert Reaction

Cofense has discovered an attack that bypasses MFA to nab Microsoft 365 credentials. Researchers at the Cofense Phishing Defense Center discovered the tactic, which leverages the OAuth2 framework and the OpenID Connect (OIDC) protocol and uses a malicious SharePoint link to trick users into granting permissions to a rogue application, researcher Elmer Hernandez wrote in a blog post published Tuesday. The point for defenders is that the victim never types a password into an attacker-controlled page: the user signs in to Microsoft, completes MFA as normal, and then consents to the rogue application, which is issued an OAuth token for the permissions it requested. The MFA challenge is not defeated but sidestepped; it is satisfied once, by the legitimate user, and the resulting grant belongs to the attacker's app, so remediation has to include removing that application's permission grant rather than resetting the password alone.
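Consent phishing of this kind can be caught at the link level: whatever the lure looks like, the victim has to be sent to Microsoft's genuine OAuth2 authorize endpoint carrying the attacker's client_id, redirect_uri and scope, and a link filter or mail gateway can inspect exactly those parameters. The Python below is an added example written for this page, not code from Cofense or from the blog post; the allowlists of trusted redirect hosts and approved client IDs, the high-risk scope list and the three sample links are constructed and hypothetical, and a real deployment would load the allowlists from the tenant's actual app registrations.

```python
"""Flag OAuth2 authorize links that look like consent phishing (added example)."""
from urllib.parse import urlparse, parse_qs

# Hosts that serve the Microsoft identity platform authorize endpoint.
AUTHORIZE_HOSTS = {"login.microsoftonline.com", "login.windows.net"}

# Hypothetical allowlists: replace with the redirect hosts and client IDs of
# the applications your tenant has actually approved.
TRUSTED_REDIRECT_HOSTS = {"login.microsoftonline.com", "portal.office.com"}
APPROVED_CLIENT_IDS = {"11111111-1111-1111-1111-111111111111"}

# Delegated permissions that hand an application persistent or broad access.
# offline_access yields a refresh token, so the grant outlives the sign-in.
HIGH_RISK_SCOPES = {
    "offline_access", "mail.read", "mail.readwrite", "mail.send",
    "files.read.all", "files.readwrite.all", "contacts.read",
    "user.read.all", "directory.read.all",
}


def normalize_scope(raw: str) -> str:
    """'https://graph.microsoft.com/Mail.Read' -> 'mail.read'."""
    return raw.rsplit("/", 1)[-1].lower()


def analyze_authorize_url(url: str) -> dict:
    """Return a report of consent-phishing indicators for one link.

    is_authorize is False for anything that is not an authorize request,
    so ordinary SharePoint or Office links pass straight through.
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    report = {"is_authorize": False, "client_id": None, "redirect_host": None,
              "scopes": [], "high_risk_scopes": [], "indicators": []}
    if host not in AUTHORIZE_HOSTS or not parsed.path.lower().endswith("/authorize"):
        return report
    report["is_authorize"] = True

    # parse_qs decodes percent-encoding and '+' for us; keep the first value.
    params = {k.lower(): v[0] for k, v in parse_qs(parsed.query).items()}

    client_id = params.get("client_id", "")
    report["client_id"] = client_id or None
    if client_id not in APPROVED_CLIENT_IDS:
        report["indicators"].append("unapproved_client_id")

    # The authorization code (and thus the token) is delivered to redirect_uri,
    # so a redirect host outside the tenant's own apps is the key signal.
    redirect_uri = params.get("redirect_uri", "")
    if redirect_uri:
        redirect_host = (urlparse(redirect_uri).hostname or "").lower()
        report["redirect_host"] = redirect_host or None
        if redirect_host not in TRUSTED_REDIRECT_HOSTS:
            report["indicators"].append("untrusted_redirect_uri")

    # scope is a space-separated list; Graph scopes may carry a URL prefix.
    scopes = [normalize_scope(s) for s in params.get("scope", "").split()]
    report["scopes"] = scopes
    report["high_risk_scopes"] = sorted(s for s in scopes if s in HIGH_RISK_SCOPES)
    if report["high_risk_scopes"]:
        report["indicators"].append("high_risk_scopes")

    # response_type=token asks for an access token straight in the redirect.
    if "token" in params.get("response_type", "").lower().split():
        report["indicators"].append("implicit_flow")
    return report


def is_consent_phish_candidate(url: str) -> bool:
    """Unapproved app plus an untrusted redirect or risky scopes: escalate."""
    r = analyze_authorize_url(url)
    if not r["is_authorize"] or "unapproved_client_id" not in r["indicators"]:
        return False
    return ("untrusted_redirect_uri" in r["indicators"]
            or "high_risk_scopes" in r["indicators"])


# Constructed sample links (hypothetical hosts and IDs, not from the report).
SAMPLE_LINKS = {
    "phish": ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
              "?client_id=aaaaaaaa-1111-2222-3333-444444444444&response_type=code"
              "&redirect_uri=https%3A%2F%2Fsharepoint-docs.example.net%2Fcallback"
              "&scope=openid+profile+offline_access"
              "+https%3A%2F%2Fgraph.microsoft.com%2FMail.Read&state=xyz"),
    "benign": ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
               "?client_id=11111111-1111-1111-1111-111111111111&response_type=code"
               "&redirect_uri=https%3A%2F%2Fportal.office.com%2F"
               "&scope=openid+profile+User.Read"),
    "sharepoint": "https://contoso.sharepoint.com/sites/finance/Shared%20Documents/q1.xlsx",
}

if __name__ == "__main__":
    for name, link in SAMPLE_LINKS.items():
        print(name, is_consent_phish_candidate(link), analyze_authorize_url(link)["indicators"])
```

The check deliberately keys on the redirect host and the application identity rather than on the lure domain, because the lure can be any convincing SharePoint-looking page while the authorize request cannot hide where the code is sent or which app receives it.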


EXPERT COMMENTS
Niamh Muldoon, Senior Director of Trust and Security EMEA, OneLogin
May 21, 2020
Phishing is the mechanism malicious attackers use to gain access to organisation networks and/or systems, and malicious attackers are moving away from traditional delivery mechanisms for phishing links, such as email. This new type of attack demonstrates that multi-factor authentication alone is not enough to protect against increasingly sophisticated phishing attacks, and now even traditional forms ....
Dan Conrad, Field Strategist, One Identity
May 21, 2020
This is a very well-crafted phish as it “front ends” O365 with a malicious SharePoint site. When the user authenticates to O365, it grants this site access to the user's data. It goes beyond the simple gaining of a user’s password and possibly moving laterally or elevating privilege. From an attacker’s perspective, this type of effort would be used for specific targets (aka “whaling”) ....
