![]() When it comes to securing your organization against potential MFA hacks, taking a holistic approach to cybersecurity – that incorporates both an offensive and defensive position – is the best strategy. This attack scenario was discovered and exploited in the wild to bypass MFA and leverage access into a corporate environment. Like many vulnerabilities, the mechanics of an attack are quite simple to understand. The attacker now connects to the guest wireless network and retries the authentication attempt from a trusted IP address: As seen below, the user account requires MFA in order to continue. The following authentication attempt was made from the public internet using valid Office365 credentials. In this scenario, an attacker only needs access to the provided guest wireless connection to bypass Office365 MFA, as the public IP address seen by Microsoft is originating from a trusted location. If the targeted company provides wireless guest network access, although traffic may be segmented from corporate network traffic, both networks will have the same trusted public IP address. ![]() In order for an attacker to successfully bypass MFA, they would normally require physical access to a particular location whose IP address had been added as a “named location.” While access to a targeted company’s network would typically be prohibitive for such an attack, there is an often-overlooked consequence for this type of configuration. The purpose of this configuration is to allow users quicker access from trusted locations such as a corporate office, branch office, or other restricted environment. Authentication attempts from these trusted IP addresses only require basic username and password, even if a user has previously configured MFA. Microsoft Office 365 & Azure Active Directory allow for “named locations” 1 where MFA is not required for authentication. View this webinar for an opportunity to see how good guys simulate the bad guys and gain valuable insights. Many organizations perform regular annual or bi-annual testing to identify network vulnerabilities, gaps in their controls and satisfy industry compliance requirements. ![]() Lessons from the Field: How Are Skilled Testers Infiltrating?
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |