Microsoft Phishing Attacks
In today’s SensCy Cyber Brief, your SensCy team of cybersecurity experts is reviewing the latest Microsoft report on a “large-scale phishing campaign” that targeted over 10,000 organizations since September 2021.
What is Phishing?
Phishing is when a criminal creates a fake email that looks like it’s coming from someone inside the company or another reputable company. These emails contain a link or an attachment to be downloaded. The objective is to get you to provide your login credentials or download malicious viruses. These emails are sophisticated and often look real.
Phishing is one on of the most common technique hackers use to gain access to your organization. According to the 2021 Microsoft Digital Defense Report, phishing attacks doubled in 2020, and the numbers are likely to have increased in 2021. The reason for this increase is simple, the hackers target the most vulnerable asset of your organization: your employees.
Multi Factor Authentication (MFA) is still one of the most important layers of security you can implement in your organization to avoid credential theft. However, the phishing attack disclosed by Microsoft can bypass any authentication process, even if the user had enabled MFA on their account. This type of attack is called an “Adversary-in-the-middle” or AiTM.
It is important to note that the hacker still needs an employee to fall victim to a phishing email and enter their credentials on a proxy website for this attack to work. Once the employee enters their credentials, the hacker intercepts the victim’s passwords and session cookie that proves their “ongoing and authenticated session with the site.”
How to protect your company from an AiTM phishing attack
If you are a Microsoft license user (Microsoft 365 E5, A5, F5, and G5) you could add Microsoft 365 Defender or Microsoft Sentinel to your arsenal of tools. (Please contact Microsoft for more information)
The SensCy team recommends a continued, in depth, phishing training for all employees to raise awareness as we believe that the complexity of phishing attacks will likely increase and rapidly evolve. Please contact your SensCy client advocate for any additional questions.

Figure 1 AiTM phishing website intercepting the authentication process.
To learn more about this type of attack, click here.