Knowledge base

September 29, 2020

Security Researchers: Hackers can bypass Multi-factor Authentication for Microsoft 365.

Security researchers have discovered critical vulnerabilities that allow attackers to bypass multi-factor authentication (MFA) for Microsoft 365. According to security researchers at Proofpoint, vulnerabilities in MFA deployment compromise users’ security and privacy while interacting with cloud-based services. Attackers may be able to gain full access to their victim’s account information, including emails, files, and contacts.

“Most likely, these vulnerabilities have been around for years. We tested several Identity Provider (IDP) solutions, identified the solutions that were susceptible and resolved the security issues,” Proofpoint said in its blog post.

What caused this security issue?

Researchers believe that the way Microsoft 365 sessions were designed was responsible for this major security crisis. Bugs in the implementation of existing security mechanisms allowed attackers to exploit “inherently unsafe protocol” (WS-Trust). For example, attackers were able to falsify their target’s IP address to bypass MFA, thanks to a simple manipulation of the request header.

If you want to have the safe Office 365 environment, we’re happy to help you!

Changes to the user-agent header caused the IDP to identify the wrong protocol under the pretext of using modern authentication. Attackers can exploit the vulnerabilities to rotate from the old protocol to the modern protocol. As a result, Microsoft logs the connection as “Modern Authentication”, further knocking with administrators and security engineers.

Because attackers can bypass MFA, microsoft 365 security staff must devise an additional layer of security in the form of account compromise detection and recovery. Once vulnerabilities are discovered, attackers can automatically exploit them. What makes these vulnerabilities extremely difficult to detect is that they don’t appear in event logs.

As security risks and threats continue to cause problems, the introduction of multiple authentication has increased significantly after the pandemic.

Multi-factor authentication applications
The MFA can protect Microsoft 365 users from a number of security vulnerabilities as follows:

  • Real-time phishing
  • Channel hijacking
  • Legacy protocols

According to researchers, 97 percent of organizations were hit by brute force attacks in the first half of 2020. 30 percent of those organizations had at least one compromised cloud account. Researchers found that 73 percent of all supervised tenants were targeted and 57 were compromised.

Source: thewindowsclub

Microsoft believes underwater data centers are reliable, practical and sustainably powered.

Want to know more?

Get in touch

Related
blogs

View all blogs
Exchange Online
May 18, 2024

Choose the Right Microsoft Exchange Online Plan for YOU!

Read more
Microsoft Places
May 17, 2024

AI Brings New Life to Flexible Working with Microsoft Places

Read more
RPA Attended PowerBI
May 16, 2024

Optimize your Attended RPA with Power BI licensing

Read more
Power BI licenties
May 15, 2024

Choose the Right Power BI License: A Comparison

Read more
SharePoint licenties
May 14, 2024

Discover the Different SharePoint Licenses within Microsoft 365

Read more
Microsoft Entra ID environment
May 13, 2024

Essential: Strict Permissions in Entra ID

Read more
DMARC
May 12, 2024

Why DMARC is Essential for Your Business.

Read more
Gmail nieuwe e-mailvereisten
May 11, 2024

The New Email Requirements for Email Delivery at Gmail

Read more
Drie Technologietrends om in 2024 in de Gaten te Houden
May 10, 2024

Three Technology Trends to Watch in 2024

Read more
Bescherm uw merk en verbeter de e-mailveiligheid met de expertise van ALTA-ICT.
May 09, 2024

The Importance of BIMI and DMARC for Email Security.

Read more

Tech Updates: Microsoft 365, Azure, Cybersecurity & AI – Weekly in Your Mailbox.