Privacy Tip #392 – Legitimate Platforms and AI Used to Bypass MFA

Robinson+Cole Data Privacy + Security Insider

Darktrace researchers have outlined a particularly scary scenario of how threat actors are bypassing MFA and using artificial intelligence to launch sophisticated phishing attacks against users.

The case study “leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols…which highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing log in credentials.” The threat actors rely on users trusting legitimate emails and logos to harvest credentials.

In the case study, a legitimate Dropbox domain was used to lure the user into believing it was real: “no-reply@dropbox[.]com.”

According to an interview by Infosecurity Magazine, this is a legitimate email address used by the Dropbox file storage service.

The email contained a link that would lead the user to a PDF file hosted on Dropbox, which was seemingly named after a partner of the organization.

This PDF file contained a suspicious link to a domain that had never previously been seen in the customer’s environment, named “mmv-security[.]top.”

Although Darktrace detected the email, the user received a second email urging them to open the first PDF. The user clicked on the link and was directed to a fake Microsoft 365 login page, and the user probably accepted an MFA push.

The article is very interesting and informative on the newest ways threat actors are obtaining credentials and using AI to attack users. Users need to be as suspicious of messages and links that come through legitimate platforms as they are of fake ones, and should always be cautious about accepting MFA requests.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising
