Protect your Microsoft tenant against phishing attacks

Today we added a new check and fix to Attic Microsoft 365 Premium that lets you protect your Microsoft tenant against phishing attacks. This is a unique technique, conceived and developed by Zolder.

The problem

Because Microsoft 365 is so widely used, it is an attractive target for cybercriminals, and Microsoft tenants are frequently targeted by phishing attacks. Microsoft implements mitigating measures, such as MFA, but cybercriminals keep coming up with new attack methods.

One of the techniques gaining popularity among cybercriminals is the adversary-in-the-middle (AiTM) phishing attack. This is a man-in-the-middle attack where an attacker positions themselves between Microsoft and the victim. This way they can obtain login credentials or cookies from the victim. With these, they can gain access to accounts, sometimes even when Multi-Factor Authentication (MFA) is enabled.

Mitigation challenge

Preventing a phishing attack always starts with knowing that you are being targeted by one: awareness, in other words. Only then can you take action. Organizations often find out too late.

At Zolder, we came up with a way to detect phishing attacks on the Microsoft tenant at a very early stage (when the first victim visits the phishing site). We do this by combining the strengths of the Attic app and our project didsomeoneclone.me. This allows us to detect classic phishing attacks as well as the newer AiTM attacks.

Implementation

For our Microsoft 365 Premium customers, we have implemented checks and fixes to easily enable the new technique within your Microsoft tenant. Specifically, this involves CHK-1102 / FIX-1102 and CHK-1158. Screenshots of the new checks:

Want to be notified when your Microsoft tenant is targeted by a phishing attack? Then activate our fix! Not yet an Attic user but curious? Try Attic through our Try feature:
