
Account takeover on the Encryption method

Nowadays, a lot of organizations and people have implemented Multi-Factor Authentication, also known as MFA, on their email, their systems, and the applications themselves.

Source: Multi-factor Authentication as Fast As Possible

The latest applications should be able to support MFA, while a legacy application or system will not even be able to support MFA options, and attackers are definitely aware of this.

Let me phrase it again!

Attackers are aware that legacy or older applications are not able to support MFA options.

Some people out there have surely been thinking, “What kind of legacy application or system doesn’t support MFA?” The answer to this question would be “email clients” that use older protocols such as IMAP, SMTP, MAPI and POP.

Source: Email Protocols: SMTP, POP and IMAP

While MFA and modern authentication protocols are an important advancement in account security and should be used whenever possible…this means that it is not possible to enforce MFA when a user signs into their account using one of these applications

Eric Ludent has a write-up on this in his blog post from around last week.

Source: Azure Multi-Factor Authentication (MFA): From Configuration to Implementation – Azure Training

I have noticed that some organizations and providers are trying to find a way to enforce MFA on these email protocols, to ensure the security of the organization’s email.
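One practical check that follows from the two points above (legacy email protocols cannot be MFA-challenged, and organizations want MFA on email anyway) is to find out which accounts are still signing in over IMAP, POP, SMTP or MAPI, since every one of those sign-ins went through without a second factor. The script below is an added example, not code from the original post or from any vendor; it parses constructed, newline-delimited JSON sign-in records, flags the ones that arrived over a legacy protocol, groups them per account, and prints the per-mailbox Exchange Online hardening line (Set-CASMailbox) that would close those protocols. The field names and the clientAppUsed label strings are assumptions modelled on Azure AD sign-in logs; the sample records are constructed, not real log data.

```python
"""Added example (not from the original post): flag sign-ins that arrived over
legacy email protocols, which are never MFA-challenged, and turn the findings
into per-mailbox hardening steps."""
import json
from collections import defaultdict

# Client-application labels for the protocols the post names (IMAP, POP, SMTP,
# MAPI). A sign-in through any of these carries only a username and password,
# so the tenant's MFA policy never fires for it. The label strings follow the
# clientAppUsed field of Azure AD sign-in logs as an assumption; map them to
# whatever your own log source emits.
LEGACY_CLIENT_APPS = {
    "IMAP4": "IMAP",
    "POP3": "POP",
    "SMTP": "SMTP",
    "Authenticated SMTP": "SMTP",
    "MAPI Over HTTP": "MAPI",
}

# Exchange Online Set-CASMailbox switches that turn each protocol off for one
# mailbox. The parameters are real; the protocol-to-switch mapping is this
# example's own.
HARDENING_SWITCH = {
    "IMAP": "-ImapEnabled $false",
    "POP": "-PopEnabled $false",
    "SMTP": "-SmtpClientAuthenticationDisabled $true",
    "MAPI": "-MAPIEnabled $false",
}

# Constructed sample records (one JSON object per line), not real log data.
SAMPLE_SIGNINS = "\n".join([
    '{"user": "alice@example.com", "clientAppUsed": "Browser", "ip": "198.51.100.10", "result": "success"}',
    '{"user": "bob@example.com", "clientAppUsed": "IMAP4", "ip": "203.0.113.7", "result": "success"}',
    '{"user": "bob@example.com", "clientAppUsed": "Authenticated SMTP", "ip": "203.0.113.7", "result": "success"}',
    '{"user": "carol@example.com", "clientAppUsed": "POP3", "ip": "192.0.2.44", "result": "failure"}',
    '{"user": "dave@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "ip": "198.51.100.12", "result": "success"}',
])


def parse_signins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one bad line must not abort the whole triage
    return records


def find_unchallenged_signins(records):
    """Return a finding for every record whose client protocol cannot be MFA-challenged.

    Failed attempts are kept as well: repeated failures over IMAP/POP/SMTP are
    the usual shape of password guessing against the MFA-free path.
    """
    findings = []
    for rec in records:
        protocol = LEGACY_CLIENT_APPS.get(rec.get("clientAppUsed", ""))
        if protocol is None:
            continue
        findings.append({
            "user": rec.get("user", "?"),
            "protocol": protocol,
            "ip": rec.get("ip", "?"),
            "succeeded": rec.get("result") == "success",
        })
    return findings


def protocols_by_user(findings, successful_only=True):
    """Group the legacy protocols each account actually used, as sorted lists."""
    grouped = defaultdict(set)
    for f in findings:
        if successful_only and not f["succeeded"]:
            continue
        grouped[f["user"]].add(f["protocol"])
    return {user: sorted(protos) for user, protos in grouped.items()}


def hardening_commands(per_user):
    """Emit one Set-CASMailbox line per account that closes the protocols it used."""
    lines = []
    for user in sorted(per_user):
        switches = " ".join(HARDENING_SWITCH[p] for p in per_user[user])
        lines.append(f"Set-CASMailbox -Identity {user} {switches}")
    return lines


if __name__ == "__main__":
    found = find_unchallenged_signins(parse_signins(SAMPLE_SIGNINS))
    for f in found:
        state = "OK" if f["succeeded"] else "FAILED"
        print(f"{state:6} {f['user']:20} {f['protocol']:5} from {f['ip']}")
    print("\nSuggested per-mailbox hardening (review before running):")
    for cmd in hardening_commands(protocols_by_user(found)):
        print("  " + cmd)
```

Run against the constructed sample, the script reports two successful legacy sign-ins for bob (IMAP and SMTP) and one failed POP attempt for carol, and suggests disabling IMAP and SMTP client authentication on bob's mailbox only. Per-mailbox switches are a stop-gap for accounts that still need a legacy client; the durable fix is tenant-wide (blocking legacy authentication with a Conditional Access policy, and Set-TransportConfig -SmtpClientAuthenticationDisabled $true for SMTP AUTH), after which no sign-in can reach the mailbox without passing the MFA challenge.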

MFA has become widely used around the world these days, but attackers have been planning ahead: in May, a phishing campaign bypassed MFA on Office 365. The attackers used a malicious SharePoint link to mislead victims into a malicious application, through which they gained permission to the victim’s stored data and ran a Bitcoin ransom.

Reference: Attackers Horn in on MFA Bypass Options for Account Takeovers
