Microsoft Detects Phishing Campaign Capable of Bypassing MFA and How to Protect Against It

From script kiddies to advanced persistent threat groups, actors use multiple techniques to bypass MFA. Actors use social engineering, exploitation of vulnerabilities or misconfigurations in technology, and even physical attack techniques. However, MFA bypass is often accomplished most effectively through a combination of social engineering and technical attacks. Microsoft Security posted a blog detailing their team’s observations of a phishing campaign targeting over 10,000 organizations with the ability to bypass the multifactor authentication (MFA) process.