Hackers using brute-force attacks to infiltrate e-mail systems protected by MFA

By
Hackers using brute-force attacks to infiltrate e-mail systems protected by MFA

Brute-force attacks launched by cyber-criminals can allow them to compromise corporate e-mail systems such as Office365.

Research carried out by security firm Proofpoint shows how cyber- criminals can infiltrate enterprise e-mail systems and access sensitive corporate e-mails by carrying out brute-force attacks, even if such e-mail systems have single sign or multi-factor authentication in place.
 
"It only takes one compromised Microsoft Office 365 account to unlock access to a virtual goldmine of confidential data and access—and we have seen a major increase in organisations losing both money and data to these attacks," said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint.
 
"Once an attacker compromises a trusted account, they can read a user’s email, look at their calendar, and launch internal phishing emails attempts from a trusted account."
 
According to Kalember, e-mail systems that have multifactor authentication support are also being targeted by cyber-criminals who do so by exploiting interfaces that do not support strong authentication in most deployments, such as Exchange Web Services and ActiveSync.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

iOS 12 hands-on: 6 things we love (and 3 we don’t) about Apple’s latest OS

iOS 12 hands-on: 6 things we love (and 3 we don’t) about Apple’s latest OS

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Sony celebrates 500m PlayStations sold with translucent PS4 Pro

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Is a Nintendo Switch Virtual Console coming as Nintendo bans retro ROM resources?

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images

Apple AirPods 2: Wireless charging case revealed in iOS 12 beta images