Within the past 12 months, we’ve tracked a significant increase in successful Business Email Compromise attacks. The attackers employed a method that allowed them to bypass Multifactor Authentication (MFA), a security measure that requires more than one form of verification to access an account, thus making it a critical defense mechanism for online security.
The cybercriminals crafted landing pages that mimicked the Office 365 login page. These fake pages were designed to intercept the authentication process, enabling the attackers to steal login credentials and session cookies. Session cookies are small pieces of data stored on your computer that keep you logged into a website, so by obtaining these, the attackers could access email accounts without needing to bypass MFA again.
Once inside the victims’ email accounts, the attackers launched Business Email Compromise (BEC) attacks. The FBI’s Internet Crime Complaint Center (IC3) has historically reported increases in losses due to BEC attacks year over year. Given the trends, it’s reasonable to assume that the period over the last 12 months has seen a continuation of this pattern, with BEC attacks becoming more frequent and more costly.
The technique used by the attackers, known as “adversary-in-the-middle” (AiTM) phishing, places the attacker's fake page between the victim and the real login service: the page relays the victim's credentials and MFA response to the genuine site while capturing both, along with the session cookie the site issues once MFA succeeds. Because the cookie already represents a completed login, replaying it lets the attacker use the account without facing the MFA prompt themselves.
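The detectable trace of this technique is a session cookie that was minted during one login context and then presented from another. The following Python script, added here as an illustration and not part of the original post or the vendor's tooling, shows the check a SIEM correlation rule would encode: it baselines each session on the sign-in that satisfied MFA and flags later use of the same session from a different IP address or browser without a fresh MFA prompt. The event format, field names and sample records are all constructed for the example; real identity-provider logs use different field names, so treat the keys as assumptions to map onto your own source.

```python
"""Flag possible replayed session cookies in sign-in telemetry.

Added example, not code from the original post. The log schema below
(ts, user, session, ip, ua, mfa) is constructed for illustration and is
an assumption about how sign-in events might be represented.
"""
from datetime import datetime, timedelta

# Constructed sample events. In an AiTM phish the victim completes MFA
# through the attacker's proxy; the cookie issued at that moment is then
# reused by the attacker from their own infrastructure.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T09:00:00", "user": "alice@example.com", "session": "S1",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/122",
     "mfa": True},
    {"ts": "2024-03-01T09:05:00", "user": "alice@example.com", "session": "S1",
     "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/122",
     "mfa": False},
    # Same session cookie, 12 minutes later, from a different network and browser.
    {"ts": "2024-03-01T09:12:00", "user": "alice@example.com", "session": "S1",
     "ip": "198.51.100.77", "ua": "Mozilla/5.0 (X11; Linux x86_64) Firefox/123",
     "mfa": False},
    {"ts": "2024-03-01T10:00:00", "user": "bob@example.com", "session": "S2",
     "ip": "203.0.113.20", "ua": "Mozilla/5.0 (Macintosh) Safari/17",
     "mfa": True},
    {"ts": "2024-03-01T10:30:00", "user": "bob@example.com", "session": "S2",
     "ip": "203.0.113.20", "ua": "Mozilla/5.0 (Macintosh) Safari/17",
     "mfa": False},
]


def find_session_reuse(events, window=timedelta(hours=24)):
    """Return alerts for sessions presented from a different IP or user agent
    than the sign-in that established them, without a fresh MFA prompt,
    within `window` of that sign-in.

    Each alert is a tuple (user, session, baseline_ip, new_ip, new_ua).
    """
    origin = {}   # (user, session) -> context of the sign-in that set the baseline
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort lexically
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["session"])
        if key not in origin or ev["mfa"]:
            # First sighting, or a legitimate re-authentication, defines the
            # context the session is allowed to continue from.
            origin[key] = {"ts": ts, "ip": ev["ip"], "ua": ev["ua"]}
            continue
        base = origin[key]
        drifted = ev["ip"] != base["ip"] or ev["ua"] != base["ua"]
        # A cookie that moves network or browser without an MFA prompt is the
        # signature of a replayed session token.
        if drifted and ts - base["ts"] <= window:
            alerts.append((ev["user"], ev["session"], base["ip"], ev["ip"], ev["ua"]))
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print("possible session replay:", alert)
```

Running the script on the sample data reports one alert for alice's session S1, which was established from 203.0.113.10 and then used from 198.51.100.77 with a different browser; bob's session S2 stays consistent and produces nothing. In production the same logic benefits from comparing autonomous systems or geolocation rather than raw IPs, since users on mobile networks change addresses legitimately, and an alert of this kind should trigger revocation of the user's refresh tokens and a forced re-authentication.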
Call to Action
As a business leader, it’s crucial to understand that while MFA is an essential layer of security, it is fallible. This situation highlights the importance of adopting a comprehensive cybersecurity strategy that includes, but is not limited to, MFA. Here are actionable steps you can take to protect your organization:
- Educate Your Team: Regularly train your employees on the latest phishing tactics and encourage them to be skeptical of unexpected emails, especially those that prompt them to enter login credentials.
- Implement Advanced Security Measures: Beyond MFA, consider adopting additional security layers such as Endpoint Detection and Response (EDR) and Security Information and Event Management (SIEM) systems for your Microsoft 365 environment. These services detect and respond to suspicious activity in real time, thereby reducing your potential losses.
- Regularly Update and Patch Systems: Ensure that all software and systems are up to date with the latest security patches. Attackers often exploit known vulnerabilities that have already been fixed in newer versions of the software.
- Conduct Regular Security Audits: Regularly evaluate your security posture to identify and mitigate potential vulnerabilities before they can be exploited by attackers. A yearly penetration test is the minimum standard today. For organizations in high-risk industries such as finance and healthcare, a monthly automated scan of the devices and environment they operate in is crucial.
- Develop a Response Plan: Have a clear incident response plan in place. Knowing how to react in the event of a breach can significantly reduce the damage an attack causes, including the reputational harm that follows one.
Keep in mind that cybersecurity is a continuous journey that today’s business leaders must tackle decisively. By remaining vigilant and forward-thinking, you can greatly lower the chances of your organization falling victim to increasingly prevalent and complex cyber threats.
Learn how to fortify your defenses by contacting us. Click the following link: https://www.makingtecheasy.com/contact-us/