
New Multi-Stage AitM & BEC Attack Targets Banking & Financial Services Organizations

As a reminder to all banking and financial services organizations, Microsoft recently released a report detailing a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack targeting these organizations. The attack, which Microsoft is tracking under the name Storm-1167, is especially sophisticated due to its use of an indirect proxy to tailor phishing pages to the victims. This proxy enables the attackers to steal session cookies from the victims, making it an even more dangerous attack.

In traditional phishing attacks, the attackers present victims with a website that mimics the sign-in page of the targeted application. However, with this AitM attack, the sign-in page contains resources loaded from an attacker-controlled server, which then initiates an authentication session with the authentication provider of the target application using the victim's credentials. The attack chain begins with a phishing email containing a link that redirects victims to a spoofed Microsoft sign-in page. Victims then enter their credentials and time-based one-time passwords (TOTPs), which the attackers can use to gain access to the victims' accounts.

Microsoft is urging banking and financial services organizations to be extra vigilant in protecting against these types of attacks, to ensure they have strong authentication solutions in place, and to educate their employees on how to spot and avoid phishing emails. Organizations should also consider investing in security solutions that can detect and prevent phishing attacks. It is also essential that organizations regularly monitor their accounts for suspicious activity. If a breach is detected, organizations should contact the relevant authorities and investigate the attack to ensure the source of the attack is identified and all remaining potential threats are neutralized.

In the wake of this attack, it is important for organizations to take steps to protect themselves from similar attacks in the future. By taking the necessary precautions, organizations can protect themselves from these sophisticated phishing and BEC attacks and ensure the safety of their data and customers.
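
Monitoring for the stolen session cookies described above can start with a check for one session token appearing from two networks in a short time. This is an added example, not code from Microsoft's report or from this page; the record fields, the 30-minute window and the sample events are constructed assumptions to be mapped onto your identity provider's sign-in logs.

```python
from datetime import datetime, timedelta

# Constructed records, not real telemetry; field names are assumptions.
EVENTS = [
    {"time": "2023-06-01T09:00:05", "user": "alice@example.com", "session": "s-100",
     "ip": "203.0.113.10", "ua": "Edge/114 Windows"},
    {"time": "2023-06-01T09:04:40", "user": "alice@example.com", "session": "s-100",
     "ip": "198.51.100.77", "ua": "Chrome/113 Linux"},
    {"time": "2023-06-01T09:10:00", "user": "bob@example.com", "session": "s-200",
     "ip": "192.0.2.44", "ua": "Safari/16 macOS"},
    {"time": "2023-06-01T09:30:00", "user": "bob@example.com", "session": "s-200",
     "ip": "192.0.2.44", "ua": "Safari/16 macOS"},
    {"time": "2023-06-01T08:00:00", "user": "carol@example.com", "session": "s-300",
     "ip": "192.0.2.90", "ua": "Edge/114 Windows"},
    {"time": "2023-06-01T16:00:00", "user": "carol@example.com", "session": "s-300",
     "ip": "192.0.2.91", "ua": "Edge/114 Windows"},
]


def find_replayed_sessions(events, window=timedelta(minutes=30)):
    """Flag sessions whose token is seen from a second IP within `window`.

    A session cookie is issued to one client, so the same session appearing
    from another network soon after is consistent with cookie theft and replay.
    Roaming clients also match, so findings are triage leads, not verdicts.
    """
    first_seen = {}                  # session id -> (time, first event)
    findings, flagged = [], set()    # report each session at most once
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        sid = ev["session"]
        if sid not in first_seen:
            first_seen[sid] = (when, ev)
            continue
        t0, base = first_seen[sid]
        if ev["ip"] != base["ip"] and when - t0 <= window and sid not in flagged:
            flagged.add(sid)
            findings.append({
                "user": ev["user"], "session": sid,
                "first_ip": base["ip"], "second_ip": ev["ip"],
                "ua_changed": ev["ua"] != base["ua"],
                "gap_seconds": int((when - t0).total_seconds()),
            })
    return findings


if __name__ == "__main__":
    for finding in find_replayed_sessions(EVENTS):
        print(finding)
```

A finding where `ua_changed` is also true deserves priority, since a legitimate roaming client usually keeps its user agent while changing IP address.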

