Multi-Stage Phishing Campaign Leverages BYOD Concept to Target Organizations

Microsoft has shared details about a multi-stage phishing campaign in which attackers took advantage of the Bring Your Own Device (BYOD) concept to stealthily propagate across an organization's network.

About the campaign

  • According to the Microsoft 365 Defender Threat Intelligence Team, the campaign took advantage of devices that did not implement multi-factor authentication (MFA).
  • The first phase of the campaign involved stealing credentials and compromising accounts of employees working in organizations located in Australia, Singapore, Indonesia, and Thailand.
  • In the second phase, the compromised accounts were used to expand the attackers' foothold within the targeted organization via lateral phishing or outbound spam.

Worth noting

  • Stressing the necessity of additional protective measures such as MFA, the researchers said that organizations that failed to enable MFA were affected by the campaign.
  • Organizations that had implemented MFA, which prevents attackers from using stolen credentials to gain access to devices or networks, could foil the campaign.
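
The two phases summarized above (credential abuse on accounts without MFA, then lateral phishing or outbound spam from the compromised accounts) are both visible in routine telemetry. The following Python script is an added illustration, not code from the Cyware article or from Microsoft's report: it runs two simple detections over constructed sign-in and outbound-mail records. The log field names (`mfa_satisfied`, `sender`, `recipient`, `ts`) and all sample values are assumptions made for this example.

```python
"""
Added example (not from the article or Microsoft's report): two defender-side
checks over constructed log records that correspond to the campaign's phases.
  1. signins_without_mfa: accounts that signed in successfully without MFA
     (phase one, stolen credentials on accounts lacking MFA).
  2. outbound_bursts: accounts that mailed many distinct recipients within a
     short window (phase two, lateral phishing / outbound spam).
Field names and values below are hypothetical and constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (hypothetical schema).
SIGNINS = [
    {"user": "alice@example.com", "result": "success", "mfa_satisfied": True,  "ts": "2022-01-10T08:01:00"},
    {"user": "bob@example.com",   "result": "success", "mfa_satisfied": False, "ts": "2022-01-10T08:05:00"},
    {"user": "carol@example.com", "result": "failure", "mfa_satisfied": False, "ts": "2022-01-10T08:07:00"},
    {"user": "bob@example.com",   "result": "success", "mfa_satisfied": False, "ts": "2022-01-10T09:30:00"},
]

# Constructed outbound mail records (hypothetical schema): alice sends two
# ordinary mails hours apart; bob sends to six colleagues within six minutes.
MAIL = [
    {"sender": "alice@example.com", "recipient": "dan@example.com",  "ts": "2022-01-10T08:10:00"},
    {"sender": "alice@example.com", "recipient": "erin@example.com", "ts": "2022-01-10T11:40:00"},
] + [
    {"sender": "bob@example.com", "recipient": f"user{i}@example.com", "ts": f"2022-01-10T09:3{i}:00"}
    for i in range(1, 7)
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def signins_without_mfa(records):
    """Return the sorted list of accounts that signed in successfully
    without satisfying MFA; failed attempts are ignored."""
    users = {
        r["user"] for r in records
        if r["result"] == "success" and not r["mfa_satisfied"]
    }
    return sorted(users)


def outbound_bursts(records, window_minutes=10, min_recipients=5):
    """Return {sender: peak_distinct_recipients} for senders that reached at
    least min_recipients distinct recipients inside any sliding window of
    window_minutes. Thresholds are illustrative; tune them to the tenant."""
    by_sender = defaultdict(list)
    for r in records:
        by_sender[r["sender"]].append((_parse(r["ts"]), r["recipient"]))
    window = timedelta(minutes=window_minutes)
    flagged = {}
    for sender, events in by_sender.items():
        events.sort()  # chronological order so each window is events[i:]
        peak = 0
        for i, (start, _) in enumerate(events):
            seen = {rcpt for ts, rcpt in events[i:] if ts - start <= window}
            peak = max(peak, len(seen))
        if peak >= min_recipients:
            flagged[sender] = peak
    return flagged


if __name__ == "__main__":
    print("successful sign-ins without MFA:", signins_without_mfa(SIGNINS))
    print("outbound recipient bursts:", outbound_bursts(MAIL))
```

On the constructed data the first check flags only `bob@example.com` (carol's attempt failed, alice satisfied MFA), and the second check flags the same account with a peak of six distinct recipients in one window, the pairing a responder would expect when a non-MFA account is reused for lateral phishing. In practice the same logic is applied to the identity provider's sign-in log and the mail gateway's message trace rather than to in-memory lists.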

Key takeaways

The potential attack surface for cyber threats continues to expand as a large number of employees adopt a hybrid work model. This blurs the boundary between internal and external corporate networks and increases cyber risk manifold.

One of the major risks stems from the use of unmanaged apps, services, devices, and other infrastructure operating outside standard policies. Such unmanaged devices are often overlooked by security teams, which makes them attractive vectors for targeting organizations. Attackers can abuse such BYOD devices to move laterally and to establish persistence for future attacks.

Cyware Publisher