Microsoft Reports New Phishing Scam Attacks on Banking and Financial Companies

Banking and financial companies are the latest target of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise attack, according to an announcement from Microsoft earlier this month.

Adversary-in-the-middle (T1557, T1111) is a type of attack that aims to intercept authentication between users and a legitimate authentication service for the purpose of compromising identities or performing other actions. The attackers position themselves between a user and the service to steal credentials and intercept MFA in order to capture the session cookie. “The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations,” Microsoft reported.

The attacks were carried out using an indirect proxy, which allowed the hackers to tailor the phishing pages to their targets and steal sensitive information through cookies and browsing data. The phishing emails contained a link that led users to a fake Microsoft sign-in page where their credentials were stolen. The stolen information was then used to break into users’ email accounts and steal their sensitive information. Microsoft reported that hackers sent 16,000 phishing emails containing dangerous malware to the compromised users’ contacts.

What Should You Do If Your System Was Compromised?

Typically, changing all your passwords is enough to lock the hackers out of your accounts and ensure a compromise like this won’t happen again. However, for an account compromised through AiTM, changing the password is ineffective because the hackers have learned how to manipulate MFA and set up persistence mechanisms to maintain control of a user’s account. MFA is still a crucial component of protecting your business, but it alone is not enough against complex attacks like AiTM.
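A defender-side check for the situation described above, added here as an example and not taken from Microsoft's report or from Entara: it flags a session used by a client other than the one that completed MFA, and records whether that client added an MFA method or kept working after a password change. The event records, field names and event names are constructed for illustration and do not follow any specific product's log schema.

```python
from collections import defaultdict

# Constructed sample events, not real logs; field and event names are hypothetical.
def ev(t, user, session, ip, ua, event):
    return {"t": t, "user": user, "session": session, "ip": ip, "ua": ua, "event": event}

EVENTS = [
    ev(1, "alice", "s-100", "198.51.100.7", "Edge/Windows", "signin_mfa_ok"),
    ev(2, "alice", "s-100", "203.0.113.50", "Chrome/Linux", "mailbox_access"),
    ev(3, "alice", "s-100", "203.0.113.50", "Chrome/Linux", "mfa_method_added"),
    ev(4, "alice", "s-100", "198.51.100.7", "Edge/Windows", "password_changed"),
    ev(5, "alice", "s-100", "203.0.113.50", "Chrome/Linux", "mailbox_access"),
    ev(6, "bob", "s-200", "192.0.2.10", "Safari/macOS", "signin_mfa_ok"),
    ev(7, "bob", "s-200", "192.0.2.10", "Safari/macOS", "mailbox_access"),
]

def find_replayed_sessions(events):
    """Flag sessions used by a client other than the one that completed MFA."""
    origin = {}          # session -> (ip, user agent) that passed sign-in and MFA
    pw_changed = set()   # users whose password was changed earlier in the timeline
    findings = defaultdict(lambda: {"foreign_clients": set(),
                                    "mfa_added_by_foreign": False,
                                    "active_after_password_change": False})
    for e in sorted(events, key=lambda e: e["t"]):
        client, s = (e["ip"], e["ua"]), e["session"]
        if e["event"] == "signin_mfa_ok":
            origin.setdefault(s, client)
            continue
        after_pw = e["user"] in pw_changed      # judged before this event is applied
        if e["event"] == "password_changed":
            pw_changed.add(e["user"])
        if s not in origin or client == origin[s]:
            continue     # no sign-in baseline for this session, or same client
        f = findings[s]
        f["foreign_clients"].add(client)
        f["mfa_added_by_foreign"] |= e["event"] == "mfa_method_added"
        f["active_after_password_change"] |= after_pw
    return dict(findings)

if __name__ == "__main__":
    for session, finding in find_replayed_sessions(EVENTS).items():
        print(session, finding)
```
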

Email security integrations utilize multi-layered anti-virus, anti-spam, and phishing protection to shield your business against malware-based and malware-free email threats. These integrations leverage an analysis solution that detects and blocks advanced threats before they reach inboxes.

Get Peace of Mind With Entara

Entara offers complete, integrated IT and cybersecurity solutions tailored to your company’s unique needs and challenges. As an eXtended Service Provider, in addition to managed IT and cybersecurity services, our 24x7x365 incident response team works day, night, and holidays to help businesses recover from cyberattacks and remediate their systems to avoid repeat events. We employ a range of security integrations, such as email security solutions, user awareness training, and technology services to better protect our clients’ systems, networks, and data. Connect with us to learn more about how we can support your organization.  
