Current campaigns are allowing even novice attackers to scoop up authentication tokens with increasing frequency, bypassing what used to be considered foolproof protection.

CSO Online offers insights into cybersecurity, risk management, and IT leadership, providing articles, reports, and expert analysis to help security professionals navigate the evolving threat landscape and protect their organizations from cyber attacks. By exploring CSO Online's curated content, CISOs, security managers, and IT executives can learn about threat intelligence, security frameworks, and incident response strategies for building resilient cybersecurity programs. Whether you're defending against ransomware, phishing attacks, or insider threats, CSO Online offers resources to strengthen your security posture and safeguard your digital assets.

CSO Online

Security experts and the FBI are warning that MFA alone is no longer sufficient protection against modern phishing attacks. New phishing-as-a-service platforms like Kali365 and EvilTokens enable even novice attackers to steal Microsoft 365 OAuth tokens by tricking users into entering device codes on legitimate Microsoft pages, bypassing MFA entirely. Kali365 offers AI-generated lures, multilingual templates, and management dashboards for as little as $250/month. Mitigations include restricting OAuth device code flow via Conditional Access policies, enforcing phishing-resistant FIDO2/passkey MFA, proactively revoking tokens, monitoring for suspicious OAuth activity and device registrations, and adopting identity-centric security with continuous access evaluation.

Security experts caution MFA alone can no longer stop threat actors

Move beyond MFA as a ‘checklist item’