Surge in Device Code Phishing Threatens Microsoft 365 and Entra ID Access
Severity: High (Score: 67.5)
Sources: Digitalterminal.In, Ciso.Economictimes.Indiatimes
Summary
Barracuda Networks has reported a significant increase in device code phishing attacks, detecting 7 million incidents in the last four weeks. Attackers exploit device code authentication, commonly used for services like Microsoft 365 and Entra ID, by tricking users into entering legitimate sign-in codes on real login pages. This method allows attackers to gain persistent access to user accounts without needing to steal passwords. The technique is becoming more widespread due to the availability of phishing-as-a-service tools, such as the EvilTokens kit. Device code phishing is stealthy, as it uses legitimate authentication links, making it harder for security tools to detect. Additionally, it bypasses multifactor authentication and conditional access policies, allowing attackers to maintain access for extended periods. The findings emphasize the need for enhanced security measures, including improved monitoring and user education regarding device code entry.
Key Points:
- Barracuda detected 7 million device code phishing attacks in four weeks.
- Attackers exploit legitimate device code authentication to gain unauthorized access.
- The method bypasses traditional security measures, including multifactor authentication.
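The monitoring called for in the summary can start from sign-in logs. The following is an added example, not code from Barracuda or the cited sources: it flags successful device code sign-ins where the app is not on an allow-list or the source IP does not appear in the user's recent interactive sign-ins. The field names (modelled on Entra ID sign-in log fields), the allow-list, and the sample records are assumptions.

```python
from datetime import datetime, timedelta

# Field names modelled on Entra ID sign-in log fields (assumption; adapt to your export).
FIELDS = ("createdDateTime", "userPrincipalName", "ipAddress",
          "authenticationProtocol", "appDisplayName", "errorCode")
# Constructed sample records, not real data. Non-zero errorCode = sign-in did not succeed.
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("2025-01-10T08:01:00Z", "ana@example.com", "198.51.100.7", "none", "Outlook", 0),
    ("2025-01-10T09:30:00Z", "ana@example.com", "203.0.113.50", "deviceCode", "Microsoft Office", 0),
    ("2025-01-10T09:40:00Z", "raj@example.com", "198.51.100.9", "none", "Teams", 0),
    ("2025-01-10T10:00:00Z", "raj@example.com", "198.51.100.9", "deviceCode", "Meeting Room Display", 0),
    ("2025-01-10T11:00:00Z", "lee@example.com", "203.0.113.77", "deviceCode", "Microsoft Office", 50199),
]]

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def flag_device_code_signins(events, expected_apps=frozenset(), lookback=timedelta(hours=24)):
    """Return (user, time, reasons) for each successful device code sign-in worth review."""
    findings = []
    events = sorted(events, key=lambda e: e["createdDateTime"])
    for i, ev in enumerate(events):
        if ev["authenticationProtocol"] != "deviceCode" or ev["errorCode"] != 0:
            continue  # only completed device code sign-ins yield tokens
        reasons = []
        if ev["appDisplayName"] not in expected_apps:
            reasons.append("app not on device-code allow-list")
        when = parse_ts(ev["createdDateTime"])
        # IPs this user signed in from, without device code, inside the lookback window
        recent_ips = {p["ipAddress"] for p in events[:i]
                      if p["userPrincipalName"] == ev["userPrincipalName"]
                      and p["authenticationProtocol"] != "deviceCode"
                      and when - parse_ts(p["createdDateTime"]) <= lookback}
        if ev["ipAddress"] not in recent_ips:
            reasons.append("IP not seen in user's recent interactive sign-ins")
        if reasons:
            findings.append((ev["userPrincipalName"], ev["createdDateTime"], reasons))
    return findings

if __name__ == "__main__":
    for finding in flag_device_code_signins(SAMPLE, expected_apps={"Meeting Room Display"}):
        print(finding)
```

Both checks are heuristics for triage; tenants with no input-constrained devices can pass an empty allow-list so every successful device code sign-in is surfaced.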
Key Entities
- Phishing (attack_type)
- CWE-287 - Improper Authentication (cwe)
- T1566 - Phishing (mitre_attack)
- Entra ID (platform)
- Microsoft 365 (platform)
- EvilTokens (tool)