One Article Review

The article:
Source AlienVault Lab Blog
Identifier 8454066
Publication date 2024-02-23 11:00:00 (seen: 2024-02-23 11:08:55)
Title Detecting anomalous O365 logins and evasion techniques
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Summary

Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users into visiting a fake Microsoft login page where threat actors capture the user’s credentials. Even accounts with MFA can fall victim to these types of attacks. There are several ways in which MFA is being bypassed with these types of campaigns.

MFA fatigue is one of the ways threat actors are bypassing MFA. This method attempts to exploit human error: the threat actor repeatedly logs in with the stolen credentials, causing an overwhelming number of MFA prompts, in an attempt to get the user to approve the login.

Another MFA bypass technique is SIM swapping. A SIM card is a small chip that your mobile carrier uses to hold identification information to tie your phone to you and your mobile carrier. Threat actors have found a weakness in this because there are scenarios where a customer may need a new SIM card (for example, they lost their phone). Carriers can transfer your identification information from your old SIM card to a new one. SIM swapping is when a threat actor abuses this feature and impersonates you to convince your mobile carrier to switch your phone number to a SIM card that is in the threat actor’s possession. This then allows the threat actor to receive MFA codes sent to your number via phone call or SMS.
Sent Yes
Tags Tool Threat Mobile Cloud
Stories
Notes ★★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.