The FBI has warned of the danger from a recent wave of phishing attacks generated by a tool called Kali365.
It enables cyber criminals to acquire Microsoft 365 access tokens and bypass multi-factor authentication (MFA) without intercepting the user's credentials, by capturing OAuth tokens linked to the victim's Microsoft 365 account.
The scam works in a way analogous to most phishing attacks. An attacker sends an email purporting to be from a trusted cloud document sharing service, including instructions to enter a specific code on a legitimate Microsoft site.
The code, however, authorizes the attacker's device to access the victim's Microsoft account.
The FBI has issued a set of instructions for IT security managers to help mitigate the Kali365 attack before it affects their users. These include creating a conditional access policy to block device code flow for all users, with exceptions for the business processes that require it. Managers should also block authentication transfer, preventing users from handing over their access rights from a company PC to a mobile device.
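The two controls described above map directly onto one Entra ID Conditional Access policy. The following is an added example, not code from the CSO article or from the FBI guidance: it uses the Microsoft Graph PowerShell SDK to create a policy that blocks both the device code flow and authentication transfer for all users, while excluding one security group that holds the business processes which genuinely need device code sign-in. The group object id is a placeholder, and the policy is created in report-only mode so affected sign-ins can be reviewed before it is enforced.

```powershell
# Added example (not from the original article): Conditional Access policy that
# blocks device code flow and authentication transfer for all users, excluding an
# approved group. Requires the Microsoft.Graph PowerShell SDK and a signed-in
# account holding the Policy.ReadWrite.ConditionalAccess permission.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder (assumption): object id of a group containing only the service
# accounts or users with a documented business need for device code sign-in.
$exemptGroupId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Block device code flow and authentication transfer"
    # Report-only first: review the sign-in log for what would have been blocked,
    # then change this to "enabled" once the exemption group is complete.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($exemptGroupId)
        }
        applications = @{
            includeApplications = @("All")
        }
        # The authenticationFlows condition names exactly the two flows the
        # guidance asks administrators to block.
        authenticationFlows = @{
            transferMethods = "deviceCodeFlow,authenticationTransfer"
        }
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Before switching the policy to `enabled`, add your emergency-access (break-glass) accounts to the excluded group as well, and confirm in the sign-in log that every entry the report-only policy flags is either the phishing pattern you want to stop or a process that belongs in the exemption group.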
Phishing remains a significant threat to organizations. According to a World Economic Forum report from January this year, CEOs worldwide see it as the principal security threat. It is also something that is not going away: 77 percent of organizations believe that the number of phishing attacks has increased over the past 12 months. Kali365 has just added to that number.
This article first appeared on CSO.