DemoBlade

Dark reading logo

News

Health it security logo

Threat post logo

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place.

Attackers Hone in on MFA Bypass Options for Account Takeovers

Researchers observed an increase in business email compromise phishing campaigns able to bypass MFA, while Trend Micro found an uptick in BEC scams targeting executive Office 365 accounts.

BEC Phishing Campaigns Bypass MFA, Target Office 365 Executive Accounts

Fortune logo

Symbol white 01b

Press Releases

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud. The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks.

Abnormal Security Quarterly BEC Report Shows How COVID-19 Zeitgeist Permeates Email Cyberattacks on Businesses

In June, Obinwanne Okeke, a Nigerian “entrepreneur” who appeared on the cover of the African edition of Forbes in 2016, pleaded guilty to charges of fraud. Turned out Okeke’s company, Invictus Group, named after Nelson Mandela’s favorite poem, was a front. Between 2015 and 2019, the founder’s crew orchestrated a series of hacks and scams, including one campaign that swindled Unatrac Holding, a sales office of Caterpillar, the construction giant, out of $11 million.

Don’t click that Zoom invitation!

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Business Email Compromise Attacks Involving MFA Bypass Increase

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security…

description

email, attacks, security, apps, protocols, business, takeover, control, abnormal, week, increase, threat, accounts, widely, regarded

keywords

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719960&s=fa4e72867616ecaaa5b6f05461c2df35

https://abnormalsecurity.com/about/news/business-email-compromise-attacks-involving-mfa-bypass-increase

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719960&s=2af8dd96394317b7742f824308f0e089

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Business Email Compromise Attacks Involving MFA Bypass… | Abnormal"}}

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.

Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Schedule a Demo

Preventing Criminals From Using AI for Cybersecurity Attacks

Abnormal Security’s CEO explains how ‘defensive A.I.’ will someday defeat cyber attacks

New study: Threat actors harness generative AI to amplify and refine email attacks

Generative AI Could Revolutionize Email—for Hackers

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

Newsroom

The State of Email Security in an AI-Powered World

<p>98% of Security Leaders Worried About Generative AI</p>

chakra-ui-ChakraProvider

Button

Footer

Container

Screen

VsMimecast

FormLayouts

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

Abnormal Marketing

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

antd5 hostless

react-slick

B MKT390b Aimpoint Report Social Graphics

Threat Reports

Discover how cybersecurity leaders are adapting to an increasingly AI-driven threat landscape in this report.

Generative AI

United Kingdom

Boohoo

B 09 19 23 Boo Hoo Vid 03

Retail

Customer Stories

Global fashion group adopts behavioural AI-based approach to address a flood of advanced email attacks, graymail, and spam.

Boohoo Fashions a New Email Security Ethos with Abnormal

Email Security

B Convergence of AI Cybersecurity On Demand

Webinars

Explore the transformative impact of AI on the strategies employed by both threat actors and defenders in our limited web series.

The Convergence of AI + Cybersecurity

Business Email Compromise Attacks Involving MFA Bypass Increase

See the Abnormal Solution to the Email Security Problem