By Nermeen Nabil Khear 
- Security researchers warning of new phishing campaign
- This one abuses Microsoft’s authentication system
- The goal is to steal sensitive data and login credentials
Cybercriminals are impersonating Microsoft’s Active Directory Federation Services (ADFS) to steal people’s passwords, log into their accounts, and grab any sensitive information found there, experts have warned.
A new report from cybersecurity researchers Abnormal Security noted how the attack starts with a phishing email, impersonating the target company’s IT team, and claiming that the system has been upgraded and that all users need to re-authenticate.
Obviously, the email also comes with a clickable button, which takes the victim to a phishing site that looks identical to their organization’s real ADFS login page.
Redirecting the victims
Microsoft’s Active Directory Federation Services (AD FS) is a single sign-on (SSO) solution that allows users to access multiple applications using a single set of credentials. It extends Active Directory (AD) to provide federated identity management, enabling seamless and secure authentication across different organizations, cloud services, and applications.
This page asks for login credentials and MFA codes.
“The phishing templates also include forms designed to capture the specific second factor required to authenticate the target’s account, based on the organization’s configured MFA settings,” Abnormal said in the paper.
“Abnormal observed templates targeting multiple commonly used MFA mechanisms, including Microsoft Authenticator, Duo Security, and SMS verification.”
When the victim types in their login details, the landing page redirects them to the legitimate sign-in page, to keep the ruse going. In the background, however, the attackers are already logging in, stealing sensitive data, creating new email filter rules, and trying to move laterally throughout the target network.
Abnormal added that the campaign mostly targets organizations in education, healthcare, and public sector industries. So far, some 150 organizations have been targeted, it added. The goal of the campaign doesn’t seem to be espionage. Instead, it seems to be financially motivated.
You might also like
- A new Microsoft 365 phishing service has emerged, so be on your guard
- We’ve rounded up the best password managers
- Take a look at our guide to the best authenticator app
This articles is written by : Nermeen Nabil Khear Abdelmalak
All rights reserved to : USAGOLDMIES . www.usagoldmines.com
You can Enjoy surfing our website categories and read more content in many fields you may like .
Why USAGoldMines ?
USAGoldMines is a comprehensive website offering the latest in financial, crypto, and technical news. With specialized sections for each category, it provides readers with up-to-date market insights, investment trends, and technological advancements, making it a valuable resource for investors and enthusiasts in the fast-paced financial world.