Attackers add rogue PC to victims' networks in this sneaky phishing campaign

Microsoft has raised an alarm about a new multi-phase phishing campaign that first enrolls an attacker’s BYOD device on a corporate network and then begins sending thousands of convincing phishing emails to further targets. 

The purpose of enrolling or registering a device on a target company’s network was to avoid detection during later phishing attacks, according to Microsoft.   

Microsoft says “most” organizations that had enabled multi-factor authentication (MFA) for Office 365 were not impacted by phishing emails spread by attacker-controlled registered devices, but those that had not enabled MFA were all affected. 


The attack exploited instances where MFA was not enforced during the process of registering a new device with a company’s instance of Microsoft’s identity service, Azure Active Directory (Azure AD), or when enrolling a BYOD device in a mobile device management (MDM) platform such as Microsoft’s Intune.
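As an added illustration that is not part of the article, the following Microsoft Graph conditional access policy body closes the gap described above by requiring MFA for the Azure AD "register or join devices" user action; the display name and the all-users scope are assumptions, and the policy would be created with a POST to `/identity/conditionalAccess/policies` by an administrator.

```json
{
  "displayName": "Require MFA to register or join devices (example policy)",
  "state": "enabled",
  "conditions": {
    "users": {
      "includeUsers": ["All"]
    },
    "applications": {
      "includeUserActions": ["urn:user:registerdevice"]
    }
  },
  "grantControls": {
    "operator": "OR",
    "builtInControls": ["mfa"]
  }
}
```

Existing registrations are unaffected; the policy applies to new device registrations, which is the step the campaign relied on.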

“While multiple users within various organizations were compromised in the first wave, the attack did not progress past this stage for the majority of targets as they had MFA enabled. The attack’s propagation heavily relied on a lack of MFA protocols,” Microsoft said.

“Enabling MFA for Office 365 applications or while registering new devices could
