Business email compromise (BEC) attacks, where hackers hijack finance-related email threads and trick employees into wiring money to the wrong accounts, has led to losses of tens of billions of dollars over the past several years. These scams are growing more sophisticated, and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).
A BEC attack recently analyzed by cloud incident response company Mitiga used an adversary-in-the-middle (AitM) phishing attack to bypass Microsoft Office 365 MFA and gain access to a business executive’s account and then managed to add a second authenticator device to the account for persistent access. According to the researchers, the campaign they analyzed is widespread and targets large transactions of up to several million dollars each.