New phishing kits target Microsoft 365 accounts, evade MFA
Two new phishing kits, Jalisco and OmegaLord, have been discovered targeting Microsoft 365 accounts. These kits use advanced techniques to bypass multi-factor authentication (MFA), including real-time credential harvesting and session cookie theft. The attacks were identified by cybersecurity researchers tracking threat actor activity. Jalisco employs a reverse proxy to intercept authentication tokens, while OmegaLord uses a more sophisticated approach to capture MFA codes. The kits are being distributed on underground forums and have been used in targeted campaigns against organizations in multiple sectors. Microsoft has acknowledged the threat and recommends additional security measures such as conditional access policies and hardware security keys.
Global Impact
This development has significant implications for enterprise cybersecurity. Economically, it drives increased spending on advanced authentication and threat detection solutions, benefiting vendors like Microsoft, Okta, and Duo.