Mitiga in the News

Researchers discovered the complicated attack that involved phishing, a flaw in Office 365 and adversary-in-the-middle exploits.

'Widespread' campaign hunts for multimillion-dollar transactions: A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to defeat multi-factor authentication.

During an incident response investigation, Mitiga discovered attackers were able to create a second authenticator with no multifactor authentication requirements.

Over the last two years, digital transformation projects have accelerated and cloud-based collaboration platforms, such as Office 365 and Slack, have been adopted even more rapidly (no doubt accelerated by the pandemic and increased accessibility via smart phones and reliable internet access).

Cybersecurity experts are warning of a new, widespread business email compromise (BEC) campaign, which seeks to reroute large money transactions to bank accounts belonging to the attackers.

A new business email compromise (BEC) campaign has been targeting Microsoft 365 organizations in a bid to hack corporate executives’ accounts and maliciously divert business payments.

Cybersecurity researchers detail a BEC scam targeting high-level Microsoft Office 365 accounts, even if they're protected with MFA.

Researchers spotted a sophisticated business email compromise (BEC) campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 Multi-Factor Authentication (MFA), Microsoft Authenticator, and Microsoft 365 Identity Protection.

Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers.