How attackers use and abuse Microsoft MFA

For many years, Microsoft has pushed for the adoption of multi-factor authentication (MFA) to thwart intruders. Threat actors, however, are keeping up with the growing enterprise usage of MFA and are consistently developing ways to evade the added security it provides.

Attacks including SIM swapping, vulnerability exploitation, rogue apps, antiquated authentication protocols, MFA prompt bombing (also known as MFA weariness), stolen session cookies, and (custom) phishing kits with MFA-bypassing functionality have already been observed. Researchers from Mandiant and Mitiga have more recently described various methods through which attackers might (mis)use Microsoft MFA to their advantage.

Attackers take over dormant Microsoft accounts and set up MFA

APT29 (also known as Cozy Bear or Nobelium) and other threat actors have developed a new strategy that involves taking advantage of the MFA self-enrollment process in Azure Active Directory and other systems. Accor...