i4DM Month In Review | May 2025
HOW IS THIS HAPPENING?
Attackers are using a service called “SessionShark O365 2FA/MFA”, a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication protections. The kit operates as an adversary-in-the-middle (AiTM) proxy that steals valid user session tokens in order to defeat 2FA on O365 accounts. By capturing a victim’s session cookie, an attacker can bypass MFA controls and access the account without ever needing the one-time passcode.
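The theft described above leaves a detectable trace: the same session identifier shows up from two different networks within a short window, and the second use never triggers a fresh MFA challenge because the stolen token already carries the MFA claim. The following is an added detection example written for this review (not code from i4DM or from the kit); the event fields and sample sign-in records are a constructed, simplified schema that you would map onto your own identity provider's sign-in log.

```python
"""Flag possible session-token replay in sign-in events (example code).

Schema below is constructed for this example: one record per sign-in,
with the session identifier, source IP/ASN, and whether an MFA challenge
was actually completed on that request.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"ts": "2025-05-12T09:01:10Z", "user": "alice", "session_id": "s-1001",
     "ip": "203.0.113.10", "asn": "AS64500", "mfa_satisfied": True},
    {"ts": "2025-05-12T09:07:42Z", "user": "alice", "session_id": "s-1001",
     "ip": "198.51.100.77", "asn": "AS64511", "mfa_satisfied": False},
    {"ts": "2025-05-12T10:30:00Z", "user": "bob", "session_id": "s-2002",
     "ip": "203.0.113.20", "asn": "AS64500", "mfa_satisfied": True},
    {"ts": "2025-05-12T14:00:00Z", "user": "bob", "session_id": "s-2002",
     "ip": "203.0.113.21", "asn": "AS64500", "mfa_satisfied": False},
]

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def find_session_replay(events, window=timedelta(hours=1)):
    """Return one finding per session whose token was reused from a
    different ASN within `window` of an MFA-satisfied sign-in, with no
    fresh MFA challenge on the later use."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session_id"]].append(e)
    findings = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        # The first MFA-satisfied sign-in is the legitimate anchor.
        anchor = next((e for e in evs if e["mfa_satisfied"]), None)
        if anchor is None:
            continue
        for later in evs:
            t0, t1 = parse_ts(anchor["ts"]), parse_ts(later["ts"])
            if (later["asn"] != anchor["asn"]
                    and not later["mfa_satisfied"]
                    and timedelta(0) < t1 - t0 <= window):
                findings.append({"user": later["user"], "session_id": sid,
                                 "first_ip": anchor["ip"], "replay_ip": later["ip"],
                                 "minutes_apart": (t1 - t0).total_seconds() / 60})
    return findings
```

Bob's second sign-in is not flagged: it comes from the same ASN and well outside the window, which is the ordinary "same session, same office, later in the day" pattern.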
WHAT IS THE WEAKNESS?
The biggest challenge with this type of attack is the phishing kit’s ability to integrate with Cloudflare services, leveraging Cloudflare’s network to mask the kit’s actual hosting server and fend off takedowns or IP-based blocking. This makes the kit difficult to thwart even once it has been found.
i4DM DEFENSE MITIGATION STRATEGIES
– i4DM distributes regular user-awareness email campaigns to educate employees on social engineering tactics and reduce susceptibility to phishing and impersonation attempts.
– i4DM actively monitors network traffic for suspicious outbound connections to known command-and-control (C2) servers.
– i4DM deploys Integrated Cloud Email Security (ICES), a comprehensive email security solution that combines multiple layers of protection to defend against email-based threats.