Multifactor Authentication (MFA) is not enough security against today's sophisticated threat actors. I was reading the Abnormal blog and they posted yet another example of how MFA can be beaten. They wrote about the VENOM platform HERE.
Key things to know:
- VENOM (and most future phishing attacks) harvests data to build highly targeted, realistic-looking phishing emails. AI lets the phishing kit learn everything about the target and the company the target works for, and generate personalized messages within seconds.
- Phishing attacks like VENOM can leverage compromised business email accounts to beat filtering of risky or unusual sender addresses.
- Sender addresses can be crafted to look as if they came from inside the company.
- QR codes are bad. You can't read or understand what they do with the human eye, so it's best not to trust them. The post's example showed VENOM using QR codes.
- Security tools can have trouble detecting sophisticated phishing attacks that contain QR codes or other links. The post showed how VENOM injects false information to throw off detection tools; that data is not visible to the target reading the email.
- Many threat actor toolkits, from phishing kits to ransomware, have a gate that checks whether the visitor is a human or a security tool before allowing access to the next stage of the attack, so tools like sandboxes will not always work.
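The hidden-text trick above works because a filter tokenizes the whole HTML body while the reader only sees what the mail client renders. One defensive countermeasure is to analyze the rendered and the hidden text separately and treat a body that is mostly invisible as a signal in its own right. The script below is an added example written for this post; it is not code from Abnormal or from the VENOM kit. The sample email it parses is constructed, and the CSS patterns it treats as "hidden" are an assumption about what common mail clients do not render.

```python
import re
from html.parser import HTMLParser

# Characters a reader cannot see but that change how a text-based filter tokenizes words.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")

# Inline CSS that makes an element invisible in practically every mail client (assumption).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none"
    r"|visibility\s*:\s*hidden"
    r"|font-size\s*:\s*0(?:\.0+)?(?:px|pt|em|%)?\s*(?:;|$)"
    r"|opacity\s*:\s*0(?:\.0+)?\s*(?:;|$)",
    re.I,
)

# Elements whose content is never rendered as body text, and void elements that never close.
NEVER_RENDERED = {"style", "script", "head", "title", "template"}
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class VisibleTextSplitter(HTMLParser):
    """Split an HTML body into the text a human sees and the text only a machine sees."""

    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._stack = []          # (tag, is_hidden) for every open element
        self._hidden_depth = 0    # > 0 while inside any hidden element

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        a = dict(attrs)
        is_hidden = (
            tag in NEVER_RENDERED
            or "hidden" in a                                  # HTML5 boolean attribute
            or HIDDEN_STYLE.search(a.get("style") or "") is not None
        )
        self._stack.append((tag, is_hidden))
        if is_hidden:
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        if tag not in [t for t, _ in self._stack]:
            return                                            # stray close tag; ignore
        while self._stack:                                    # unwind to the matching open tag
            t, was_hidden = self._stack.pop()
            if was_hidden:
                self._hidden_depth -= 1
            if t == tag:
                break

    def handle_data(self, data):
        text = ZERO_WIDTH.sub("", data)                       # join words split by zero-width chars
        if text.strip():
            (self.hidden if self._hidden_depth else self.visible).append(text)


def _normalize(parts):
    return re.sub(r"\s+", " ", " ".join(parts)).strip()


def split_visible_hidden(html):
    """Return (visible_text, hidden_text) for an HTML email body."""
    p = VisibleTextSplitter()
    p.feed(html)
    p.close()
    return _normalize(p.visible), _normalize(p.hidden)


def hidden_text_ratio(html):
    """Fraction of the body's text characters that a human reader would never see."""
    visible, hidden = split_visible_hidden(html)
    total = len(visible) + len(hidden)
    return len(hidden) / total if total else 0.0


# Constructed sample, not a real VENOM email: a short visible lure, a large block of innocuous
# text hidden from the reader, and a zero-width space splitting a keyword.
SAMPLE_EMAIL = """<html><head><title>Payroll</title><style>p{margin:0}</style></head><body>
<p>Hi Alex, your updated payroll statement is ready. Scan the QR code below to review it.</p>
<p style="display:none">Quarterly gardening newsletter: tomato recipes, compost tips and community
events for members of the allotment society. Reply to unsubscribe from garden updates.</p>
<div style="font-size:0px">newsletter recipes gardening community events</div>
<p>Thanks,<br>IT Help&#8203;desk</p>
</body></html>"""

if __name__ == "__main__":
    vis, hid = split_visible_hidden(SAMPLE_EMAIL)
    print("VISIBLE:", vis)
    print("HIDDEN :", hid)
    print("hidden ratio: %.2f" % hidden_text_ratio(SAMPLE_EMAIL))
```

Feeding only the visible string to a classifier lets the filter judge the same words the target will act on, and a high hidden ratio on an otherwise short message is a cheap feature for a detection rule. This does not catch content embedded in images or QR codes; those need image decoding and URL analysis on top.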
- Adversary-in-the-middle (AiTM) is becoming a common technique to bypass MFA. It works by presenting a fake version of the target's real identity provider that relays the login. One strong defense is conditional access policies that check for corporate-issued machines, locations, etc.
- If VENOM is successful, it uses the authenticated session it just proxied to register an attacker-controlled MFA device on the target's real Microsoft 365 account.
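That last step leaves a footprint in the identity provider's logs: the sign-in the IdP sees comes from the proxy's address rather than the user's usual one, and a new MFA method is registered shortly afterward, often from yet another address. The detection below is an added example written for this post, not code from Abnormal or from Microsoft; it runs over constructed events in a simplified schema, so the field names (`type`, `ip`, `method`) and the 30-day baseline are assumptions, and a real deployment would map the tenant's actual sign-in and audit log fields onto them.

```python
from datetime import datetime, timedelta

# Constructed events in a simplified schema (an assumption; real identity-provider sign-in and
# audit logs use their own field names). Timestamps are UTC ISO-8601.
EVENTS = [
    # Normal: Sam signs in from the usual office address and later adds a phone method from it.
    {"ts": "2024-05-01T08:55:00", "user": "sam@example.com", "type": "signin", "ip": "203.0.113.22"},
    {"ts": "2024-05-01T09:10:00", "user": "sam@example.com", "type": "mfa_method_added",
     "ip": "203.0.113.22", "method": "phone"},
    # Suspicious: Alex's sign-in arrives from an address never seen for Alex (what the IdP sees when
    # a proxy relays the login), and three minutes later an authenticator app is registered from a
    # second unfamiliar address.
    {"ts": "2024-05-01T09:30:00", "user": "alex@example.com", "type": "signin", "ip": "198.51.100.77"},
    {"ts": "2024-05-01T09:33:00", "user": "alex@example.com", "type": "mfa_method_added",
     "ip": "198.51.100.91", "method": "authenticator_app"},
    # Benign: a new method from a known address, with no sign-in inside the lookback window.
    {"ts": "2024-05-02T11:00:00", "user": "sam@example.com", "type": "mfa_method_added",
     "ip": "203.0.113.22", "method": "fido2"},
]

# Per-user baseline of source addresses seen over the previous 30 days (constructed).
BASELINE_IPS = {
    "sam@example.com": {"203.0.113.22", "203.0.113.23"},
    "alex@example.com": {"203.0.113.10"},
}

WINDOW = timedelta(minutes=30)   # how far back to look for the sign-in that obtained the session


def _parse(ts):
    return datetime.fromisoformat(ts)


def find_suspicious_registrations(events, baseline, window=WINDOW):
    """Flag MFA-method registrations that look like a hijacked session adding a device.

    A registration is flagged when the registering IP is outside the user's baseline, or when it
    follows, within `window`, a sign-in by the same user from an IP outside the baseline. Each
    finding lists every reason that fired so an analyst can see which condition matched.
    """
    events = sorted(events, key=lambda e: e["ts"])            # ISO-8601 strings sort chronologically
    findings = []
    for i, ev in enumerate(events):
        if ev["type"] != "mfa_method_added":
            continue
        known = baseline.get(ev["user"], set())
        reasons = []
        if ev["ip"] not in known:
            reasons.append("registration from unfamiliar IP %s" % ev["ip"])
        t_reg = _parse(ev["ts"])
        for prior in events[:i]:
            if prior["type"] != "signin" or prior["user"] != ev["user"]:
                continue
            if t_reg - _parse(prior["ts"]) <= window and prior["ip"] not in known:
                reasons.append("preceded by sign-in from unfamiliar IP %s at %s"
                               % (prior["ip"], prior["ts"]))
        if reasons:
            findings.append({"user": ev["user"], "ts": ev["ts"],
                             "method": ev["method"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious_registrations(EVENTS, BASELINE_IPS):
        print("%s registered %s at %s" % (f["user"], f["method"], f["ts"]))
        for r in f["reasons"]:
            print("  -", r)
```

An IP baseline is the simplest version of this rule; the same structure works with ASN, country, or device-compliance state as the "familiar" attribute, which is the same signal conditional access policies use up front. Alerting on the registration rather than the sign-in is useful because the sign-in itself succeeded with valid MFA and looks legitimate to the IdP.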
Check out the post HERE, and think beyond MFA for your defense strategy.