Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access.
This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don’t support MFA. In addition, many common applications, such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older), don’t support modern authentication.
A common pattern in account takeovers is that, after being blocked by MFA, an attacker will immediately switch to using a legacy application. In fact, most credential stuffing campaigns use legacy applications such as IMAP4 in order to ensure they don’t encounter difficulties from MFA at any point.
Abnormal has observed successful account takeovers where the attacker bypasses the Conditional Access policy by obscuring the name of the app they’re using. In one case, the attacker initially attempted to sign in using a legacy application but was blocked by Conditional Access. The attacker then waited several days before trying again, this time with the app information obscured, and successfully gained access to the account.
This demonstrates that while most account takeover attempts use brute force attacks and password spraying techniques, some attackers are more methodical and deliberate.
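The two patterns described above (a block followed by a legacy-protocol success, and a block followed days later by a success with no app name) can be hunted for in sign-in logs. The sketch below is an added example, not code from Abnormal Security or the original article; the record fields, result values and sample events are constructed assumptions rather than a real log schema.

```python
from datetime import datetime, timedelta

# Legacy protocols named in the article (plus the versioned spellings clients report).
LEGACY = {"IMAP", "IMAP4", "POP", "POP3", "SMTP", "MAPI"}

# Constructed sign-in records; field names and values are hypothetical.
EVENTS = [
    {"user": "alice", "time": "2020-09-01T10:00:00", "app": "Browser", "result": "blocked_mfa"},
    {"user": "alice", "time": "2020-09-01T10:02:00", "app": "IMAP4", "result": "success"},
    {"user": "bob", "time": "2020-09-02T08:00:00", "app": "POP3", "result": "blocked_policy"},
    {"user": "bob", "time": "2020-09-06T08:30:00", "app": "", "result": "success"},
    {"user": "carol", "time": "2020-09-03T09:00:00", "app": "Browser", "result": "blocked_mfa"},
    {"user": "carol", "time": "2020-09-03T09:01:00", "app": "Browser", "result": "success"},
]

def suspicious_signins(events, window=timedelta(days=7)):
    """Return (user, reason) for successes that follow a blocked attempt within `window`."""
    findings = []
    last_block = {}  # user -> (time, result) of the most recent blocked attempt
    for ev in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort lexically
        t = datetime.fromisoformat(ev["time"])
        user, app = ev["user"], ev["app"].strip()
        if ev["result"].startswith("blocked"):
            last_block[user] = (t, ev["result"])
            continue
        if ev["result"] != "success" or user not in last_block:
            continue
        blocked_at, kind = last_block[user]
        if t - blocked_at > window:
            continue  # too long after the block to correlate
        if app.upper() in LEGACY:
            findings.append((user, "legacy protocol success after " + kind))
        elif not app:
            # App information missing or obscured, as in the case described above.
            findings.append((user, "unidentified app success after " + kind))
    return findings

if __name__ == "__main__":
    for user, reason in suspicious_signins(EVENTS):
        print(user, "-", reason)
```

The look-back window has to span days rather than minutes, because the attacker in the observed case waited before retrying; a user who is challenged and then signs in with the same modern client (carol here) is not flagged.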
You can read more about the attack and how it works on the Abnormal Security blog.
source/reference: betanews.com/Abnormal Security