Dark reading logo

News

Health it security logo

Threat post logo

While brute-forcing and password spraying techniques are the most common way to mount account takeovers, more methodical cybercriminals are able to gain access to accounts even with more secure MFA protocols in place.

Attackers Hone in on MFA Bypass Options for Account Takeovers

Researchers observed an increase in business email compromise phishing campaigns able to bypass MFA, while Trend Micro found an uptick in BEC scams targeting executive Office 365 accounts.

BEC Phishing Campaigns Bypass MFA, Target Office 365 Executive Accounts

Fortune logo

Symbol white 01b

Press Releases

Trends in BEC and email security during Q2 2020 included a peaking and plateauing of COVID-19-themed email attacks, an increase in BEC attack volume and acceleration of payment and invoice fraud. The report also reveals that Zoom supplanted American Express as the most impersonated brand in email attacks.

Abnormal Security Quarterly BEC Report Shows How COVID-19 Zeitgeist Permeates Email Cyberattacks on Businesses

In June, Obinwanne Okeke, a Nigerian “entrepreneur” who appeared on the cover of the African edition of Forbes in 2016, pleaded guilty to charges of fraud. Turned out Okeke’s company, Invictus Group, named after Nelson Mandela’s favorite poem, was a front. Between 2015 and 2019, the founder’s crew orchestrated a series of hacks and scams, including one campaign that swindled Unatrac Holding, a sales office of Caterpillar, the construction giant, out of $11 million.

Don’t click that Zoom invitation!

Homepage

Breadcrumbs

Abnormal Security provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal Security

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Business Email Compromise Attacks Involving MFA Bypass Increase

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security…

description

email, attacks, security, apps, protocols, business, takeover, control, abnormal, week, increase, threat, accounts, widely, regarded

keywords

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.Researchers from Abnormal Security this week reported observing a recent increase in…

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1631719960&s=fa4e72867616ecaaa5b6f05461c2df35

https://abnormalsecurity.com/about/news/business-email-compromise-attacks-involving-mfa-bypass-increase

referrer

robots

twitter:card

twitter:creator

twitter:description

https://optimise2.assets-servd.host/gifted-zorilla/production/images/press/dark-reading-logo.png?w=800&h=418&q=82&auto=format&fit=crop&dm=1631719960&s=2af8dd96394317b7742f824308f0e089

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Business Email Compromise Attacks Involving MFA Bypass… | Abnormal"}}

Multifactor authentication (MFA) is widely regarded as a strong measure for protecting against account takeover attacks. But as with almost any security control, adversaries have devised several ways to bypass it.

Researchers from Abnormal Security this week reported observing a recent increase in attacks where threat actors used legacy apps with old email protocols, such as IMAP, SMTP, and POP, to access and take over business email accounts protected with MFA.

Cybersecurity dive logo

Recent history shows holiday weekends and vacations provide an attack surface bonanza for threat actors.

Ahead of summer holiday weekends, IT security leaders brace for deliberate cyber mischief

Sc media logo

Even though nearly three-quarters of business email compromise attacks during the past year have emerged from Nigeria, Israel has been gaining traction as a base for sophisticated BEC campaigns.

Israel-based BEC attacks on the rise

Tech republic logo

Abnormal Security is tracking cybercriminals from an unusual location for business email compromises who are using sophisticated spoofing to spur payments for fake acquisitions.

Israel-based threat actors show growing sophistication of email attacks

Cso logo

The group, identified by Abnormal Security, targets multinational firms using email display name spoofing and multiple fake personas.

Israeli threat group uses fake company acquisitions in CEO fraud schemes

It security wire logo

The cybercrime industry is evolving tremendously, and CISOs need to have stringent practices to keep their IT infrastructure secure against sophisticated cyber threats and risks. IT Security Wire interviewed Mike Britton, CISO, Abnormal Security, to understand today’s threats and the best ways to stay secure.

Modern Cyber Threat Landscape and Ways to Stay Secure

Mssp alert logo

A BEC campaign has been tracked to a threat group in Israel, an unlikely genesis for a cyberattack of any kind, Abnormal Security said in a new report.

Widespread Email Ruse Launched from Israel, an Unlikely Source in Moneygrab

Researchers at Abnormal Security discovered an Israel-based threat group carrying out a BEC campaign primarily targeting large and multinational enterprises with an average annual revenue of over $10 billion.

BEC Campaign via Israel Spotted Targeting Large Multinational Companies

Symbol beige 01b

The report reveals how an emerging threat group employs a multi-phased BEC attack with an M&A theme to steal  from multinational enterprises

New Research from Abnormal Security Shows the Rise of Business Email Compromise Attacks Sent from Israel

Symbol green 01w

More than two thirds of IT and security leaders are concerned that attackers are leveraging communication and collaboration channels beyond email to evade security controls

New Survey from ESG Reveals Trends Shaping Communication and Collaboration Application Security

Help net security logo

Here’s a look at the most interesting products from the past month, featuring releases from Abnormal Security and others.

Infosec products of the month: April 2023

Crn australia logo

Abnormal Security unveiled three new products during RSA Conference, adding new threat detection capabilities for Microsoft Teams, Slack and Zoom.

Ten coolest cybersecurity startups at RSA 2023

It pro today logo

The 2023 RSA Conference showcased a variety of AI-powered cybersecurity tools, with dozens of vendors highlighting the intersection of AI and cybersecurity.

AI Takes Center Stage at 2023 RSA Conference: A Roundup of New Products

Schedule a Demo

Email Subscribe

<p>Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.</p>

News & Press

<p>Exploring the Rise of Israel-Based BEC Attacks </p>

chakra-ui-ChakraProvider

Footer

Screen

react-awesome-reveal

lottie-react

plasmic-embed-css

plasmic-query

plasmic-basic-components

Abnormal Design System

react-slick

Abnormal Solutions

react-scroll-parallax-global

Abnormal Pages

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

Abnormal Marketing

Abnormal Partners

Abnormal Products

antd5 hostless

B 04 20 23 Gartner report

Analyst Research

Abnormal’s fundamentally different approach to cloud email security provides the best protection against existing and emerging attack techniques.

2023 Gartner® Market Guide for Email Security

Email Security

B 02 15 23 ROI Calculator

Tools

Discover the ROI you can experience with Abnormal Security.

ROI Calculator: Discover Your Abnormal Return on Investment

Abnormal Platform

B 02 08 23 1500x1500 H12023 Threat Report

Threat Reports

Abnormal’s latest report on business email compromise trends and statistics finds that employees open 28% of attacks and reply to 15% of them.

H1 2023: “Read” Alert: Data Shows 28% of BEC Attacks Opened by Employees

B 04 20 23 Forrester Total Economic Impact Study of Abnormal Security

Learn how investing in Abnormal Security can yield a 278% ROI within 3 years and help your organization avoid $4 million in losses from BEC.

404

This page could not be found.