Thursday, August 6, 2020

Attackers bypass multi-factor authentication to hijack email accounts

Researchers at Abnormal Security have detected an increase in business email compromise attacks that successfully compromise email accounts despite the use of multi-factor authentication (MFA) and Conditional Access. This is possible because legacy email protocols, including IMAP, SMTP, MAPI and POP, don't support MFA. In addition, many common applications -- such as those used by mobile email clients (for example, iOS Mail for iOS 10 and older) -- don't support modern authentication. A common pattern in account takeovers is that after being blocked by MFA, an attacker will immediately switch to using a legacy application. In fact, most credential stuffing campaigns…
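The takeover pattern described above (an MFA block followed right away by a sign-in over a legacy protocol) can be hunted for in sign-in logs. The following is an added example, not code from the article or from Abnormal Security; the event field names, the sample records and the 30-minute window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Legacy protocols the article names as lacking MFA support.
LEGACY_CLIENTS = {"IMAP", "SMTP", "MAPI", "POP"}

# Constructed sign-in events. Field names and values are hypothetical,
# not any vendor's log schema.
SAMPLE_EVENTS = [
    {"time": "2020-08-03T09:14:02", "user": "alice@example.com", "ip": "203.0.113.7", "client": "Browser", "result": "mfa_blocked"},
    {"time": "2020-08-03T09:14:41", "user": "alice@example.com", "ip": "203.0.113.7", "client": "IMAP", "result": "success"},
    {"time": "2020-08-03T09:20:00", "user": "bob@example.com", "ip": "198.51.100.4", "client": "IMAP", "result": "success"},
    {"time": "2020-08-03T10:01:10", "user": "carol@example.com", "ip": "198.51.100.9", "client": "Browser", "result": "mfa_blocked"},
    {"time": "2020-08-03T10:02:30", "user": "carol@example.com", "ip": "198.51.100.9", "client": "Browser", "result": "success"},
    {"time": "2020-08-03T11:00:00", "user": "dave@example.com", "ip": "192.0.2.55", "client": "Browser", "result": "mfa_blocked"},
    {"time": "2020-08-03T13:30:00", "user": "dave@example.com", "ip": "192.0.2.80", "client": "POP", "result": "success"},
]


def find_mfa_fallback(events, window=timedelta(minutes=30)):
    """Flag a successful legacy-protocol sign-in that follows an MFA block
    for the same user within `window` (the 30-minute default is an assumption)."""
    alerts = []
    last_block = {}  # user -> (time, ip) of the most recent MFA-blocked attempt
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        if ev["result"] == "mfa_blocked":
            last_block[ev["user"]] = (when, ev["ip"])
        elif ev["result"] == "success" and ev["client"] in LEGACY_CLIENTS:
            # Consume the block so each blocked attempt raises at most one alert.
            blocked = last_block.pop(ev["user"], None)
            if blocked and when - blocked[0] <= window:
                alerts.append({
                    "user": ev["user"],
                    "legacy_client": ev["client"],
                    "seconds_after_block": int((when - blocked[0]).total_seconds()),
                    "same_ip": ev["ip"] == blocked[1],
                })
    return alerts


if __name__ == "__main__":
    for alert in find_mfa_fallback(SAMPLE_EVENTS):
        print(alert)
```

Matching is done per user rather than per IP address, since the follow-up attempt may come from a different address; the `same_ip` field is reported for triage only.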

