Hackers Weaponize Active Directory Federation Services and office.com to Steal Microsoft 365 logins

Brownie2019

Mar 9, 2019
A novel and highly tricky phishing campaign is actively stealing Microsoft 365 credentials by exploiting Microsoft’s own Active Directory Federation Services (ADFS) to redirect users from legitimate office.com links to malicious login pages.
The technique, identified by researchers at the cybersecurity firm Push Security, marks a significant evolution in phishing attacks, effectively bypassing both user vigilance and traditional security filters.
The attack leverages a combination of malvertising and a clever abuse of Microsoft’s infrastructure. Instead of relying on suspicious emails, the attackers place malicious ads on search engines.
Full Story:
This novel "ADFSjacking" phishing campaign is a sophisticated threat that bypasses traditional security measures by exploiting trusted Microsoft infrastructure and by relying on malicious search engine ads rather than suspicious emails, so mail filters and "check the sender" habits never come into play.

The attack works by redirecting users from legitimate office.com links to a malicious ADFS server that mimics a company's login page to steal Microsoft 365 credentials.

For individual users, the primary defenses are vigilance and habit: type login URLs manually instead of following search or ad links, use a password manager (it matches saved credentials to the real domain and will not auto-fill them on a look-alike ADFS page), and immediately report any unexpected login prompt or redirect.

Organizations should prioritize technical controls: phishing-resistant Multi-Factor Authentication (MFA) such as FIDO2 security keys, which bind the authentication to the genuine origin and cannot be relayed by a harvesting page the way one-time codes and push approvals can; migrating from on-premises ADFS to a cloud-native identity platform such as Microsoft Entra ID; and Conditional Access policies that limit where and how a captured password can be used.

Furthermore, comprehensive user training that focuses on recognizing social engineering tactics such as malvertising, together with a clear, step-by-step incident response plan, is crucial.

This threat underscores the need for continuous security awareness, as attackers are constantly evolving their methods to leverage trust and bypass both human and automated defenses.
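As an added example, not taken from the article or from Push Security's research, the following is a small correlation rule a SOC could run over web-proxy logs to surface the pattern described above: a user reaches a Microsoft sign-in page and, seconds later, their browser lands on an ADFS passive sign-in endpoint (the standard `/adfs/ls/` path) on a host that is not one of the organisation's own federation servers. The log format, the Microsoft host list, the known federation host `sts.example.com`, the 30-second window and the log lines themselves are all constructed assumptions for the example.

```python
"""Detect Microsoft sign-in flows that end on an unexpected ADFS endpoint.

Added example (not code from the article or from Push Security). It
correlates, per user, a request to a Microsoft login host with a request
shortly afterwards to an ADFS passive sign-in URL on an unknown host.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumption: hosts a legitimate Microsoft 365 sign-in is expected to touch.
# Extend this for sovereign clouds or other first-party login hosts you use.
MICROSOFT_LOGIN_HOSTS = {
    "office.com", "www.office.com", "login.microsoftonline.com",
    "login.microsoft.com", "login.live.com", "m365.cloud.microsoft",
}

# Assumption: the organisation's own federation servers. In practice, take
# this list from the tenant's actual federation configuration.
KNOWN_FEDERATION_HOSTS = {"sts.example.com"}

# ADFS passive-requestor endpoint: /adfs/ls or /adfs/ls/... (case-insensitive).
ADFS_PASSIVE_PATH = re.compile(r"^/adfs/ls(/|$)", re.IGNORECASE)

# Assumption: how close an ADFS request must follow a Microsoft login request.
WINDOW = timedelta(seconds=30)

# Constructed sample proxy log: "<ISO-8601 timestamp> <user> <url>" per line.
SAMPLE_LOG = """\
2025-08-14T09:12:01+00:00 alice https://www.office.com/login?ref=ad
2025-08-14T09:12:03+00:00 alice https://login.microsoftonline.com/common/oauth2/authorize?client_id=app
2025-08-14T09:12:04+00:00 alice https://sso.contoso-portal.example/adfs/ls/?client-request-id=1
2025-08-14T09:15:00+00:00 bob https://www.office.com/
2025-08-14T09:15:02+00:00 bob https://sts.example.com/adfs/ls/?wa=wsignin1.0
2025-08-14T10:02:00+00:00 carol https://sso.contoso-portal.example/adfs/ls/
2025-08-14T11:00:00+00:00 dave https://www.office.com/
2025-08-14T11:05:00+00:00 dave https://sso.contoso-portal.example/adfs/ls/
"""


def parse_line(line):
    """Split one log line into (timestamp, user, url)."""
    ts, user, url = line.split(maxsplit=2)
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), user, url


def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    host = urlparse(url).hostname
    return host.lower() if host else ""


def is_adfs_endpoint(url):
    """True if the URL path is the ADFS passive sign-in endpoint."""
    return bool(ADFS_PASSIVE_PATH.match(urlparse(url).path))


def find_adfs_redirect_alerts(lines):
    """Return one alert per user who reached an unknown ADFS endpoint within
    WINDOW of touching a Microsoft login host."""
    last_ms_login = {}  # user -> time of the most recent Microsoft login-host request
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ts, user, url = parse_line(line)
        host = host_of(url)
        if host in MICROSOFT_LOGIN_HOSTS:
            last_ms_login[user] = ts
            continue
        # Only ADFS sign-in pages on hosts we do not federate with are of interest.
        if not is_adfs_endpoint(url) or host in KNOWN_FEDERATION_HOSTS:
            continue
        prev = last_ms_login.get(user)
        if prev is not None and ts - prev <= WINDOW:
            alerts.append({
                "user": user,
                "time": ts.isoformat(),
                "host": host,
                "url": url,
                "reason": "Microsoft sign-in flow redirected to an unknown ADFS endpoint",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_adfs_redirect_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

In the constructed sample only `alice` is flagged: `bob` is sent to the organisation's own federation server, `carol` hits the suspicious host without a preceding Microsoft sign-in request (still worth a lower-priority look, but it is not this pattern), and `dave`'s ADFS request falls outside the window. Because a tenant only ever federates to its own servers, any other ADFS endpoint appearing directly after a Microsoft login page is a strong signal regardless of how convincing the host name looks; keep `KNOWN_FEDERATION_HOSTS` in sync with the tenant's real federation settings rather than maintaining it by hand.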