The is active attack running on the internet at the moment targeting the CEOs and CFOs of some of the biggest companies around. These threat actors are not looking for targets of opportunity, for the work they put in they only want targets that can return millions of Pounds or Dollars or Euros etc.
Crooks target top execs on Office 365 with MFA-bypass scheme • The Register
It is an attack that compromises the MFA used on Microsoft 365 accounts and steals the credentials of the high powered users. The threat actors then monitor the email – a classic business email compromise attack – until a sizable financial transaction attracts their attention and then they sweep in for the sting and then out quickly.
However this type of attack is not only aimed at big businesses, small companies can be the target as well, but maybe not for these threat actors. We have investigated such an attacks for clients and once we found the issues that led to the compromise, we have created, with them, a set of policies and procedures, that include text message confirmations of financial payments among other security steps to stop it happening again.
Clive Catton MSc (Cyber Security) – by-line and other articles
