Mitiga in the News

Researchers spotted a sophisticated business email compromise (BEC) campaign targeting Microsoft 365 organizations, leveraging inherent weaknesses in Microsoft 365 Multi-Factor Authentication (MFA), Microsoft Authenticator, and Microsoft 365 Identity Protection.

Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise adoption of MFA and are constantly coming up with ways to bypass the additional protection it offers.

Mitiga spotted a sophisticated, advanced business email compromise campaign, targeting Microsoft365 organizations, leveraging inherent weaknesses in Microsoft 365 MFA,Microsoft Authenticator, and Microsoft 365 Identity Protection

Analysis of the BEC campaign reveal weaknesses in Microsoft's authentication system and hackers have developed ways to bypass multi-factor authentication (MFA) on cloud productivity services like Microsoft 365 (formerly Office 365).

A new business email compromise (BEC) campaign has been discovered combining sophisticated spear-phishing with Adversary-in-The-Middle (AiTM) tactics to hack corporate executives' Microsoft 365 accounts, even those protected by MFA.

A sophisticated business email compromise (BEC) campaign targets CEOs and CFOs to drain millions from corporate accounts.

Cyberattacks are constant and security breach incidents inevitable. The National Cyber Security Centre offers guidance for public and private sector organisations to help minimise harm from breaches, while the UK’s data watchdog, the Information Commissioner’s Office (ICO) is focused on addressing the issues in the public sector that result in avoidable data breaches by raising data protection standards and preventing harm from occurring.

Mitiga CTO Ofer Maor explains how platforms such as Slack and Microsoft Office 365 are being compromised by cybercriminals.

It is no secret that cyberattacks are inevitable, but two important words that organizations must focus on are cyber resilience. Combining elements of information security, business continuity, and organizational resilience, a cyber resilience strategy can enable rapid recovery from an inevitable attack with little to no operational disruption.