Microsoft has released information about a multi-stage phishing campaign in which attackers used the concept of Bring Your Own Device (BYOD) to spread malware across an organization’s network invisibly.
Concerning the campaign
The campaign took advantage of devices that did not have multi-factor authentication (MFA) enabled, according to the Microsoft 365 Defender Threat Intelligence Team.
Employees working for companies in Australia, Singapore, Indonesia, and Thailand were targeted in the first phase of the effort, which comprised stealing credentials and compromising accounts.
In the second phase, the compromised accounts were leveraged to gain a foothold within the targeted organisation using lateral phishing or outbound spam.
It’s worth mentioning
The researchers emphasised the importance of extra defensive measures such as MFA, stating that those organisations that did not enable MFA were impacted by the campaign.
Those who had implemented multi-factor authentication (MFA), which prevents attackers from using stolen credentials to gain access to devices or networks, were able to thwart the campaign.
The most important takeaways
As a growing number of employees choose a hybrid work model, the potential attack surface for cyber threats continues to grow. This blurs the line between internal and external company networks and significantly increases cyber risk.
The use of unmanaged apps, services, devices, and other infrastructure that operate outside of established policies is one of the primary hazards. Unmanaged devices are frequently overlooked by security personnel, making them profitable attack vectors for criminals. Attackers can use BYOD to move laterally and gain persistence for future attacks.