Moussa Diallo

Okta’s Identity Defense Operations frequently observes the use of Adversary-in-the-Middle (AiTM) phishing proxies in high-volume, non-targeted attacks against users of corporate email services. Real-time phishing proxies have been used in red team activity and targeted attacks since at least 2017. Microsoft Threat Intelligence Center (MSTIC) observed campaigns in July 2022 of far higher volume, with 10,000 Microsoft 365 customers targeted in one campaign alone. MSTIC also observed that...

Multi-factor Authentication (MFA) is very effective at limiting what an adversary can do with a stolen password. According to research commissioned by Google in 2019, MFA thwarted 99% of automated credential-based attacks and 93% of phishing campaigns. It remains one of the most essential and effective controls against account takeovers. In some circumstances (outlined below), MFA can be bypassed. Okta’s Cyber Threat Research team has observed the proliferation of malware designed to extract...