The VPN was using Azure AD for authentication and MFA. For accounts that were set up but never used, the hacker group was able to use them to access the organization's VPN infrastructure. The Russian espionage group APT29 had earlier conducted a password guessing attack against a list of emails. This means that anyone who has the login credentials for an account can enroll in MFA as long as they are doing it for the first time on that account. However, in Azure AD in its default configuration, there is no such enrollment enforced. Usually, when an organization first enforces MFA, many platforms allow their users to immediately enroll for their MFA device. Hackers are taking advantage of the self-enrollment process in the Azure Active Directory and other platforms.
Easy to setup and easy to use Peace of mind. MFA is an important tool used by organizations to improve security and thwart takeover attacks by hackers. McMaster / Microsoft 365 MFA is available for all members of the McMaster community for their MacID account.
Cybersecurity research firm Mandiant has observed a new trend where hackers are exploiting multifactor authentication (MFA) to exploit and gain access to dormant Microsoft accounts.
0 kommentar(er)
