Home » Security » Email attacks: Criminals bypass multi-factor authentication to hijack email accounts

Email attacks: Criminals bypass multi-factor authentication to hijack email accounts

Email attacks: Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access

IT News Nigeria

This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don’t support MFA. In addition many common applications — such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) — don’t support modern authentication.

A common pattern in account takeovers is that after being blocked by MFA an attacker will immediately switch to using a legacy application. In fact, most credential stuffing campaigns use legacy applications such as IMAP4 in order to ensure they don’t encounter difficulties from MFA at any point.

Abnormal has observed successful account takeovers where the attacker bypasses the policy by obscuring the name of the app they’re using. In one case, the attacker initially attempted to sign in using a legacy application but was blocked by Conditional Access. The attacker then waited several days before trying again, this time with the app information obscured, and successfully gained access to the account.

This demonstrates that while most account takeover attempts use brute force attacks and password spraying techniques, some attackers are more methodical and deliberate.

 For more visit Abnormal Security blog , Twitter staff hack

Photo Credit:Balefire/Shutterstock

  • betanews
READ ALSO  Sophos discovers Trickbot attackers leveraging Coronavirus fears to send spam mails

Leave a Reply

Your email address will not be published. Required fields are marked *

*

x

Check Also

scams phishing malware

Scams, phishing and malware : 60% of emails in May and June were fraudulent

Scams , phishing, and malware : ...

account takeovers 61 percent

61 percent of companies experience insider attacks

A new survey from Bitglass reveals that 61 ...

access bank

Access Bank denies hacker Ihebuzo Chris exposes 2000 customers’ data

Access Bank Plc  says it is ...

office 365 attack

Office 365: New phishing attack tries to steal credentials via Box

Office 365 new phishing attack: Researchers ...

UNILAG postgraduate student charged for allegedly defrauding Konga

UNILAG postgraduatestudent, Aniekan Charles Ekong has ...