The value of multifactor authentication (MFA) is illustrated by a recently published report by Microsoft’s security team about a multi-stage, large-scale phishing campaign that was effective only against organizations without MFA.
In these attacks, the bad actors first stole victims’ credentials using a fake DocuSign phish that directed them to a spoofed Office 365 login. The attackers then exploited the prevalence of BYOD policies to register their own devices on the target network using the stolen credentials.
However, because properly deployed MFA prevents attackers from using stolen credentials to access devices or networks, those organizations using MFA were safe because the attackers were not able to move forward with the second stage of the attack to expand their presence on the targeted network and propagate the attack further.
The Microsoft security team said the attacks demonstrated just how flawed the use of usernames and passwords is as a method for authentication,...
Subscribe to our Podcasts
How can we help you