Phishing actors exploit the BYOD policy of companies to spread attacks

February 15, 2022

Microsoft has released an advisory regarding a phishing campaign in which threat actors abuse the “Bring Your Own Device” (BYOD) policy of some organisations to propagate their attack across a target’s network while evading detection.

According to Microsoft, the phishing campaign exploited employees’ devices that did not employ multi-factor authentication (MFA).

The first stage of the phishing attack involved stealing credentials and compromising the accounts of employees working in agencies and organisations based in Thailand, Indonesia, Singapore, and Australia. In the second stage, the threat actors used the compromised employee accounts to expand their foothold inside the targeted organisation through either outbound spam or lateral phishing.

The recent phishing attacks involving BYOD policy have a higher chance of infection, especially against organisations that failed to enable MFA. Without additional security measures, threat actors can easily penetrate and navigate a target’s network.

Employees who had implemented MFA on their devices can therefore effectively obstruct the phishing campaign, since MFA prevents the threat actors from using stolen credentials to gain access to networks or devices.

The attack surface available to cybercriminals continues to widen as more organisations allow their employees to use their own devices for work-related tasks. This hybrid work model has paved the way for hackers to develop new strategies that are especially useful in threat campaigns such as phishing and credential stealing.

Furthermore, unmanaged apps, services, devices, and other infrastructure operating outside the standard policies of some organisations are the leading point of initial entry for phishing attacks. Security teams ignore or overlook these unmanaged devices, making them the most attractive vectors for phishing attempts against companies.

Threat actors can also misuse the BYOD policy to move laterally and establish persistence inside an infected network for future campaigns.
