The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365.
It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account.
The scam works in a similar way to most phishing attacks. An attacker sends an email purporting to be from a trusted cloud document sharing service, including instructions to enter a particular code on a legitimate Microsoft site.
The code, however, authorizes the attacker’s device to access the victim’s Microsoft account.
The FBI has issued a set of instructions for IT security managers to help mitigate the Kali365 attack before it affects their users. These include creating a conditional access policy to block code flow for all users, with exceptions for the necessary business processes. Managers should also block authentication transfer policies, preventing users from handing over their access rights from a corporate PC to a mobile device.
Phishing remains a major threat for organizations. According to a World Economic Forum report from January this year, CEOs worldwide see it as the main security threat. It’s also something that is not going away, 77 percent of organizations think that the number of phishing attacks has increased in the past year. Kali365 has just added to that number.
This article first appeared on CSO.
Read the full article here
