Lateral Phishing by Hacking Device Registration

Noah Wilson
Cyber Security Solutions
1 min read · Jan 31, 2022
Phishing

A large-scale phishing campaign was detected and traced in which stolen credentials were used to register attacker-controlled devices on a victim's network and then send spam and malware-laden emails. The targeted accounts were not secured with multi-factor authentication (MFA), which let the attackers take advantage of the organisations' bring-your-own-device (BYOD) policies to enroll their own rogue devices using the stolen credentials.

The campaign began with a DocuSign-branded phishing lure containing a malicious link that redirected to a rogue Office 365 login page to steal the victim's credentials. This theft resulted in the compromise of 100 mailboxes across different companies and let the attackers create an inbox rule to thwart detection. A second attack wave followed that abused the lack of MFA protection to enroll an unmanaged Windows device in the company's Active Directory and propagate malicious messages to over 8,500 users, both inside and outside the victim's organization.
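The chain described above (sign-in without MFA, then an inbox rule to hide evidence, then registration of a rogue device) is something a defender can correlate per account. The following detector is an added example, not code from the original post or from any vendor; the audit-log record layout and the sample records are constructed for illustration and are not a real product's schema.

```python
# Added example: flag accounts whose audit trail shows the reported attack chain
# (no-MFA sign-in -> new inbox rule -> device registration) inside one window.
# Record layout (ISO timestamp, user, event type, detail) is an assumption.
from datetime import datetime, timedelta

# Constructed sample records, not real telemetry.
SAMPLE_LOG = [
    ("2022-01-10T08:01:00", "alice@example.com", "SignIn", "mfa=false"),
    ("2022-01-10T08:03:00", "alice@example.com", "NewInboxRule", "delete:from=*"),
    ("2022-01-10T08:09:00", "alice@example.com", "DeviceRegistered", "os=Windows"),
    ("2022-01-10T09:00:00", "bob@example.com", "SignIn", "mfa=true"),
    ("2022-01-10T09:05:00", "bob@example.com", "DeviceRegistered", "os=Windows"),
    ("2022-01-11T10:00:00", "carol@example.com", "SignIn", "mfa=false"),
    ("2022-01-12T10:10:00", "carol@example.com", "NewInboxRule", "move:to=RSS"),
]

# Stages of the reported chain, in the order they must occur.
CHAIN = ("SignIn", "NewInboxRule", "DeviceRegistered")


def parse(rec):
    ts, user, event, detail = rec
    return datetime.fromisoformat(ts), user, event, detail


def find_chain_accounts(log, window=timedelta(hours=24)):
    """Return users whose events match CHAIN in order within `window`,
    starting from a sign-in that was not protected by MFA."""
    by_user = {}
    for ts, user, event, detail in sorted(map(parse, log)):
        by_user.setdefault(user, []).append((ts, event, detail))
    flagged = []
    for user, events in by_user.items():
        for i, (ts0, ev0, d0) in enumerate(events):
            # Only a no-MFA sign-in can open the chain.
            if ev0 != CHAIN[0] or "mfa=false" not in d0:
                continue
            stage = 1
            for ts, ev, _ in events[i + 1:]:
                if ts - ts0 > window:      # later stages must fall in the window
                    break
                if ev == CHAIN[stage]:     # stages must appear in order
                    stage += 1
                    if stage == len(CHAIN):
                        flagged.append(user)
                        break
            if user in flagged:
                break
    return flagged
```

With the sample records only alice is flagged: bob signed in with MFA, and carol's inbox rule falls outside the 24-hour window and no device registration follows.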

Adopting best practices such as strong credential hygiene, turning on multi-factor authentication, and implementing advanced security solutions that provide visibility across domains mitigates the risk of such attacks harming both users and organizations.

News Reference: Hackernews
