Nowadays, many organizations and individuals have implemented Multi-Factor Authentication, also known as MFA, on their email, systems, and applications.
The latest applications should be able to support MFA, while a legacy application or system will not be able to support MFA options at all, and attackers are definitely aware of this.
Let me phrase it again!
Attackers are aware that legacy or older applications will not be able to support MFA options.
Some people out there are surely thinking, “What kind of legacy application or system doesn’t support MFA?” The answer to this question is the “Email Client” that uses old protocols such as IMAP, SMTP, MAPI and POP.
As Eric Ludent put it in a write-up on his blog around last week: “While MFA and modern authentication protocols are an important advancement in account security and should be used whenever possible…this means that it is not possible to enforce MFA when a user signs into their account using one of these applications”
I have noticed that some organizations and providers try to find a way to implement MFA in their email protocol to ensure the security of an organization’s email.
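The gap described above can be checked for in sign-in data. The following is an added example, not code from the original post: it audits constructed sign-in records (a hypothetical schema with assumed field names `user`, `protocol`, `mfa`, `ok` and `ip`) and reports accounts that complete MFA on modern sign-ins but were also accessed with a password alone over IMAP, SMTP, MAPI or POP.

```python
from collections import defaultdict

# Protocols the post names as unable to enforce MFA.
LEGACY = {"IMAP", "SMTP", "MAPI", "POP"}

# Constructed sample sign-in records (hypothetical schema, not a real product's log format).
SIGNINS = [
    {"user": "alice@example.com", "protocol": "HTTPS", "mfa": True,  "ok": True,  "ip": "198.51.100.10"},
    {"user": "alice@example.com", "protocol": "IMAP",  "mfa": False, "ok": True,  "ip": "203.0.113.7"},
    {"user": "bob@example.com",   "protocol": "POP",   "mfa": False, "ok": False, "ip": "203.0.113.7"},
    {"user": "bob@example.com",   "protocol": "HTTPS", "mfa": True,  "ok": True,  "ip": "198.51.100.22"},
    {"user": "carol@example.com", "protocol": "SMTP",  "mfa": False, "ok": True,  "ip": "192.0.2.44"},
    {"user": "carol@example.com", "protocol": "smtp",  "mfa": False, "ok": True,  "ip": "192.0.2.44"},
]

def audit_legacy_signins(records):
    """Return {user: finding} for accounts touched by legacy-protocol sign-ins."""
    findings = defaultdict(lambda: {"succeeded": set(), "failed": set(),
                                    "ips": set(), "uses_mfa_elsewhere": False})
    mfa_users = set()
    for r in records:
        proto = r["protocol"].upper()  # logs are not always consistent in case
        if proto not in LEGACY:
            # Remember accounts that do pass MFA on a modern sign-in.
            if r["ok"] and r["mfa"]:
                mfa_users.add(r["user"])
            continue
        f = findings[r["user"]]
        f["succeeded" if r["ok"] else "failed"].add(proto)
        f["ips"].add(r["ip"])
    for user, f in findings.items():
        f["uses_mfa_elsewhere"] = user in mfa_users
    return dict(findings)

def mfa_gaps(findings):
    """Accounts where a password alone was enough even though MFA is in use."""
    return sorted(u for u, f in findings.items()
                  if f["succeeded"] and f["uses_mfa_elsewhere"])

if __name__ == "__main__":
    result = audit_legacy_signins(SIGNINS)
    for user in sorted(result):
        f = result[user]
        print(user, "ok:", sorted(f["succeeded"]), "failed:", sorted(f["failed"]),
              "mfa elsewhere:", f["uses_mfa_elsewhere"])
    print("MFA gaps:", mfa_gaps(result))
```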
MFA has become widely used around the world these days, and attackers have been planning ahead: in May, a phishing campaign bypassed MFA on Office365. The attacker uses a malicious SharePoint link to mislead victims into a malicious application, through which they gain permission to the victim’s stored data and run a Bitcoin ransom.