FBI Issues Urgent Warning For Microsoft 365 Users: Kali365 Phishing Kit Bypasses MFA

The attack will direct you to Microsoft's legitimate Authorized Devices functionality.
The scope of known attacker activity and the unconventional nature of the attack prompted the FBI to post an official Public Service Announcement warning against the threat. The FBI's tips to secure against the attack include creating a conditional access policy to block device code flow for all users with limited exceptions, auditing existing device code flow usage to identify where it's actually needed, blocking authentication transfers from PCs to mobile, and excluding emergency access accounts to prevent potential lockouts. The FBI also, of course, encourages those who spot the attacks in the wild to report all relevant information to the Internet Crime Complaint Center (IC3) at IC3.gov.
It's certainly a dangerous attack, though we do reckon it's somewhat unlikely that tech-savvy users will fall for it. Manually adding device codes to Microsoft's Authorized Devices is an extremely fringe use case, and potential victims should notice that their devices are already authorized to access the accounts in question thanks to already being signed in. But there's always the chance of catching an otherwise-savvy user on a rainy day, or getting lucky enough for the phishing email to land in the hands of someone prone to panic and follow instructions without question. Statistics suggest that an overwhelming majority of cyber attacks happen due to human error, after all.
Image Credit: geralt on Pixabay