78% of Microsoft 365 Admins Do NOT Have Multi-Factor Authentication Enabled
Here’s some stats for you:
Recently, cybercriminals instigated a high-end spear-phishing campaign targeting executive users of Office 365. The attack bypassed multi-factor authentication (MFA) through a Microsoft 365 security flaw (reference).
The Microsoft 365 design flaw gave attackers unrestricted access to user accounts, allowing them to monitor email accounts. The goal of the monitoring was to identify when a substantial transaction was made and then initiate a fraudulent email requesting change of the destination bank account to the attacker’s account. Essentially, it was an email bank scam.
Because of the widespread use of Microsoft 365, this scam is now also widespread, specifically targeting executives and large transactions of up to multiple millions of dollars each.
Fraudulent emails addressed the victim by name and requested wiring instructions. Remember: banks will never request wiring instructions via email. They request them over the phone. This is sign #1! The email also used the actual company’s name and bank name. While seemingly legitimate, emails regarding bank wiring instructions should also be confirmed via phone.
Nonetheless, this scam obviously works or it wouldn’t be so widespread.
Email security remains a hot topic, and email phishing campaigns show no sign of slowing. Historically, we know that email security is a necessary focus for organizations prioritizing cybersecurity. In 2020 alone, 39% of phishing attacks were successful, and in 2021, 75% of phishing threats were delivered via email. For 2022, we’re seeing similar trends and a growing necessity to prioritize email security.
If your organization is looking to organize your cybersecurity plan and focus, PK Tech can help. We service small to medium-sized businesses in the Greater Phoenix Area. No matter your industry, we can support your business. Get in touch with our team.
Here’s some stats for you:
Are you under the impression that Microsoft is responsible for the backups inside of solutions like Office 365, Exchange Online, OneDrive and...
When it comes to phishing attacks, a few techniques are most commonly used to attack PCs. Data from cybersecurity company Proofpoint analyzed...