New Sneaky 2FA Code Bypass Attack Targets Microsoft Users


Sneaky 2FA attack warning flag raised for M365 users.


There is no escaping the phishing threat, as WhatsApp and PayPal users have been warned. Gmail and Outlook users don’t escape the attack warnings, and the addition of two-factor authentication bypass hacks just muddies the security waters. Now, French security researchers have exposed another new adversary-in-the-middle attack that targets Microsoft 365 accounts, stealing credentials and bypassing 2FA protections in the process. Here’s what you need to know.


The Sneaky 2FA Attack Warning

A cybercrime group known as Sneaky Log has been selling a 2FA-bypassing phishing-as-a-service kit called Sneaky 2FA since late last year. Researchers from the French cybersecurity company Sekoia have now published a new report warning how the kit, operating by way of a bot service via Telegram, targets Microsoft 365 account holders.

“Customers reportedly receive access to a licensed obfuscated version of the source code and deploy it independently,” Sekoia researchers Quentin Bourgue and Grégoire Clermont said. “Currently, Sneaky 2FA’s phishing pages are hosted on compromised infrastructure, frequently involving WordPress websites and other domains controlled by the attacker.” The kit costs $200 per month, and the Sneaky Log sales team offers reductions that bring the cost down depending upon the length of the subscription.

Like so many of these kits (take a look at Rockstar 2FA, for example), Sneaky 2FA harvests Microsoft 365 session cookies in order to bypass the 2FA process during subsequent attacks, so that authentication appears, and indeed is, legitimate as far as the session is concerned.

Elad Luz, head of research at Oasis Security, told SC Media that the threat actors had “blurred out screenshots of Microsoft webpages to create a convincing login background,” which made it “appear as though users will access legitimate content after successfully logging in.”

I have reached out to Microsoft for a statement.


Mitigating 2FA Bypass Attacks

Although this 2FA bypass attack targets Microsoft 365 users, this kind of threat is not just aimed at Microsoft and can impact users of any accounts that are perceived to be of high value to the threat actors involved. The common factor in most such attacks is the phishing aspect, so that’s where the mitigation methodology must sit: this fascinating article explores methods of mitigating phishing attacks.
