DemoBlade

Dark reading logo

News

Health it security logo

Threat post logo

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place.

Attackers Hone in on MFA Bypass Options for Account Takeovers

Researchers observed an increase in business email compromise phishing campaigns able to bypass MFA, while Trend Micro found an uptick in BEC scams targeting executive Office 365 accounts.

BEC Phishing Campaigns Bypass MFA, Target Office 365 Executive Accounts

Fortune logo

Symbol white 01b

Press Releases

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud. The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks.

Abnormal Security Quarterly BEC Report Shows How COVID-19 Zeitgeist Permeates Email Cyberattacks on Businesses

In June, Obinwanne Okeke, a Nigerian “entrepreneur” who appeared on the cover of the African edition of Forbes in 2016, pleaded guilty to charges of fraud. Turned out Okeke’s company, Invictus Group, named after Nelson Mandela’s favorite poem, was a front. Between 2015 and 2019, the founder’s crew orchestrated a series of hacks and scams, including one campaign that swindled Unatrac Holding, a sales office of Caterpillar, the construction giant, out of $11 million.

Don’t click that Zoom invitation!

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Business Email Compromise Attacks Involving MFA Bypass Increase

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security…

description

email, attacks, security, apps, protocols, business, takeover, control, abnormal, week, increase, threat, accounts, widely, regarded

keywords

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719960&s=fa4e72867616ecaaa5b6f05461c2df35

https://abnormalsecurity.com/about/news/business-email-compromise-attacks-involving-mfa-bypass-increase

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719960&s=2af8dd96394317b7742f824308f0e089

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Business Email Compromise Attacks Involving MFA Bypass… | Abnormal"}}

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.

Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Schedule a Demo

Preventing Criminals From Using AI for Cybersecurity Attacks

CNBC Disruptor 50: Abnormal Security

Generative AI Could Revolutionize Email—for Hackers

Ones to Watch in Tech

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

Newsroom

Announcing a New Abnormal Podcast! | Listen to SOC Unlocked Podcast

<p>Announcing a New Abnormal Podcast!</p>

vs Mimecast

vs Avanan

Secondary CTA

Whether FormComplete is utilized on a form

FormComplete

CTA Display

What text is displayed on the primary CTA (see sheet for details on copy)

Primary CTA Text

Form Columns

chakra-ui-ChakraProvider

Button

Footer

FramerWrapper

Container

Screen

PrimaryCtaText

FormColumns

CtaDisplay

VsMimecast

SecondaryCta

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

plasmic-nav

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

loading-boundary

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

Abnormal Marketing

antd5 hostless

react-slick

react-quill

B MKT515p New AI Human Behavior Platform Whitepaper

White Papers

Discover how Abnormal's AI-powered solution protects organizations from their biggest risk—humans.

How to Protect Against the Human Vulnerability: Using AI to Prevent Novel Socially-Engineered Attacks

Abnormal Platform

B SOC Unlocked Mick Douglas

Podcasts

Unnamed

Mick Douglas

MICK HEADSHOT

Mick Leach

Tune in as host and SOC expert Mick Leach chats with Mick Douglas,  Managing Partner of InfoSec Innovations about a range of topics including the current state of security operations, the role of automation and AI in the field, and the importance of using security tools effectively.

Automation, AI, and Bridging the Cybersecurity Talent Gap with Mick Douglas

B SANS Report

Analyst Research

Learn how modern SOC teams address evolving threats, challenges, and technology integrations.

SANS 2024 SOC Survey: Facing Top Challenges in Security Operations

B Attack Quiz

Tools

Test your ability to distinguish malicious emails from safe ones in this interactive quiz.

Quiz: Attack or Not?

Business Email Compromise Attacks Involving MFA Bypass Increase

Get AI Protection for Your Human Interactions