Phishers Exploit Microsoft’s ADFS to Enable Account Takeover
Researchers have uncovered a sophisticated phishing campaign that exploits Microsoft’s Active Directory Federation Services (ADFS) using spoofed login pages to harvest user credentials and bypass MFA to take over accounts. You can read the research here:
https://abnormalsecurity.com/resources/targeting-microsoft-adfs-phishing-bypass-mfa-for-account-takeover
A sophisticated phishing campaign is targeting organizations that rely on Microsoft’s Active Directory Federation Services (ADFS), exploiting the trusted environment of ADFS with spoofed login pages to harvest user credentials and bypass multi-factor authentication (MFA). This allows attackers to take over accounts and gain unauthorized access to critical systems and data, putting sensitive information and organizational security at significant risk.
Roger Grimes, data-driven defense evangelist at KnowBe4, commented:
“I’m a 36-year cybersecurity expert and author of 15 books (one on hacking MFA (https://www.amazon.com/Hacking-Multifactor-Authentication-Roger-Grimes/dp/1119650798)) and over 1,500 articles. This is the first time I’ve read about fake ADFS login pages, but ADFS has been involved in bypassing MFA authentication before, so it’s not completely new to use in the hacker scene. All users should use phishing-resistant MFA whenever they can. Unfortunately, most of today’s most popular MFA solutions, including Microsoft Authenticator, Google Authenticator, Duo, push-based MFA, OTP, and SMS-based MFA are very phishable and subject to the exact type of attack reported here.”
Related to this, here are some relevant articles on MFA:
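To show why the phishing-resistant MFA Grimes recommends holds up against a spoofed ADFS login page while a relayable code does not, here is a simplified model written for this post (it is not code from the article or from Abnormal Security). REAL_ORIGIN and SPOOFED_ORIGIN are assumed values, and an HMAC with a shared key stands in for the authenticator's signature:

```python
import hashlib
import hmac
import json
import secrets

# Constructed model (not from the article): a relying party standing in for the
# real ADFS host verifies a second factor. A relayable one-time code (OTP/SMS/
# push-style approval) carries nothing about which page it was typed into; an
# origin-bound assertion (WebAuthn/FIDO2-style) signs client data naming the
# origin the browser was really on. HMAC stands in for the authenticator's signature.
REAL_ORIGIN = "https://adfs.example.com"           # assumed legitimate IdP origin
SPOOFED_ORIGIN = "https://adfs-example-login.com"  # constructed lookalike host

def verify_otp(expected_code: str, submitted_code: str) -> bool:
    """Accepted wherever it was entered: the IdP cannot tell a user on the real
    page from a code forwarded by a spoofed page."""
    return hmac.compare_digest(expected_code, submitted_code)

def make_assertion(key: bytes, challenge: bytes, origin: str) -> dict:
    """Client side: the authenticator signs client data that records the origin
    the browser presented; the user cannot override it."""
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin}).encode()
    sig = hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()
    return {"client_data": client_data, "signature": sig}

def verify_assertion(key: bytes, challenge: bytes, assertion: dict) -> bool:
    """Relying party: check signature, challenge, and that the signed origin is the
    real one. An assertion made on a spoofed page names the spoofed origin and is
    rejected despite a valid signature; rewriting the origin breaks the signature."""
    data = assertion["client_data"]
    expected = hmac.new(key, hashlib.sha256(data).digest(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False
    parsed = json.loads(data)
    return parsed["challenge"] == challenge.hex() and parsed["origin"] == REAL_ORIGIN

def demo() -> dict:
    """Outcome of each factor type when the user is on a spoofed login page."""
    key, challenge, otp = secrets.token_bytes(32), secrets.token_bytes(32), "483920"
    spoofed = make_assertion(key, challenge, SPOOFED_ORIGIN)
    rewritten = dict(spoofed, client_data=spoofed["client_data"].replace(
        SPOOFED_ORIGIN.encode(), REAL_ORIGIN.encode()))
    return {
        "otp_relayed_from_spoofed_page": verify_otp(otp, otp),
        "assertion_from_real_page": verify_assertion(
            key, challenge, make_assertion(key, challenge, REAL_ORIGIN)),
        "assertion_from_spoofed_page": verify_assertion(key, challenge, spoofed),
        "assertion_with_origin_rewritten": verify_assertion(key, challenge, rewritten),
    }
```

Only the relayed code is accepted in `demo()`; the origin-bound assertion fails on the spoofed page whether the origin field is left alone or rewritten in transit.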
Don’t Use Easily Phishable MFA and That’s Most MFA!
https://www.linkedin.com/pulse/dont-use-easily-phishable-mfa-thats-most-roger-grimes
My List of Good, Strong MFA
https://www.linkedin.com/pulse/my-list-good-strong-mfa-roger-grimes
Why Is the Majority of Our MFA So Phishable?
https://www.linkedin.com/pulse/why-majority-our-mfa-so-phishable-roger-grimes
US Government Says to Use Phish-Resistant MFA
https://blog.knowbe4.com/u.s.-government-says-to-use-phishing-resistant-mfa
This entry was posted on February 4, 2025 at 4:48 pm and is filed under Commentary with tags Abnormal Security, Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.