Your IT Consultant
Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.
BEC Attacks Bypassing Microsoft 365 MFA
June 17, 2021
We’ve said it many times: enable multi-factor authentication (MFA) on ANY account. According to Microsoft’s own analysis, MFA stops 99.9% of credential-based account attacks. However, don’t walk away with the false impression that MFA is 100% secure. Be wary of MFA codes sent via SMS text message. Such a code can be intercepted by SIM swapping (the attacker takes over your phone number and receives the text instead of you) or by tricking you into typing the code into a fake logon page that relays it to the real one. An authenticator app is a more secure alternative, and push notifications are better yet. Keep in mind that any code you type in can be phished the same way; only phishing-resistant methods such as a FIDO2 security key are immune to the fake-logon-page trick.
As if the cyber world isn’t scary enough, cybercriminals have found a way to get around MFA on Microsoft 365 accounts. Microsoft has a post describing the technical details of how a major BEC campaign is successfully getting into accounts that have MFA turned on. The post gets a little into the weeds, but the essential problem is that the attackers are not defeating MFA at all; they are avoiding it. Legacy mail protocols such as IMAP and POP3 use basic (username and password) authentication and have no way to prompt for a second factor, so once a password has been phished or guessed, a sign-in through one of those protocols succeeds with no MFA challenge ever being issued. To protect yourself from this breed of attack, make sure IMAP and POP3 are disabled on your Microsoft 365 mailboxes, and, better still, block legacy (basic) authentication for the whole tenant, either with an Exchange Online authentication policy or an Azure AD Conditional Access policy that blocks legacy authentication clients. Before you flip the switch, check the Azure AD sign-in logs for legacy-protocol sign-ins so you know which scanners, copiers or old mail clients will break and need to be moved to modern authentication. You may have to get assistance from your IT support folks, but make it happen today.
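The commands below are an added example, not code from the original post or from Microsoft’s write-up, showing how an Exchange Online administrator would audit and close off the legacy-protocol hole described above. They assume the ExchangeOnlineManagement PowerShell module is installed and the person running them holds an Exchange administrator role; the policy name "Block Basic Auth" is a placeholder. Step 4 goes a little beyond the post by blocking basic authentication for every legacy endpoint, not just IMAP and POP3.

```powershell
# Added example (not from the original post): audit and disable legacy
# IMAP/POP3 access in Exchange Online, then block basic authentication
# tenant-wide so a stolen password alone is never enough to sign in.
# Assumes the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

# 1. Audit: list every mailbox that still has IMAP or POP3 switched on.
$exposed = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, ImapEnabled, PopEnabled
$exposed | Format-Table -AutoSize

# 2. Remediate: turn both protocols off on each exposed mailbox.
foreach ($mbx in $exposed) {
    Set-CASMailbox -Identity $mbx.PrimarySmtpAddress `
        -ImapEnabled $false -PopEnabled $false
}

# 3. Prevent regression: new mailboxes inherit their protocol settings from
#    the CAS mailbox plan, so switch IMAP and POP3 off there as well.
Get-CASMailboxPlan -ResultSize Unlimited |
    Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false

# 4. Defence in depth (beyond IMAP/POP3): an authentication policy that
#    blocks Basic authentication stops password-only sign-ins to every legacy
#    endpoint (IMAP, POP3, SMTP AUTH, ActiveSync, EWS and so on). A newly
#    created policy blocks all Basic authentication by default, and setting it
#    as the organization default applies it to every user without an explicit
#    policy assignment. "Block Basic Auth" is a placeholder name.
New-AuthenticationPolicy -Name "Block Basic Auth"
Set-OrganizationConfig -DefaultAuthenticationPolicy "Block Basic Auth"

# 5. Verify: re-run the audit and confirm the default policy took effect.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -or $_.PopEnabled } |
    Select-Object DisplayName, PrimarySmtpAddress, ImapEnabled, PopEnabled
Get-OrganizationConfig | Select-Object DefaultAuthenticationPolicy

Disconnect-ExchangeOnline -Confirm:$false
```

After step 2 the verification query in step 5 should return no mailboxes. The default authentication policy can take up to a day to apply to existing sessions, so keep the per-mailbox IMAP/POP3 settings from steps 2 and 3 in place rather than relying on the policy alone, and review the Azure AD sign-in logs for legacy authentication clients before rolling this out so that any multifunction printer or old mail client that still uses basic authentication can be migrated first.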