Sophisticated Phishing Attack Bypasses Microsoft ADFS MFA
A new phishing campaign has been observed targeting organizations using Microsoft Active Directory Federation Services (ADFS), leveraging spoofed login pages to steal credentials and bypass multi-factor authentication (MFA).
According to cybersecurity researchers at Abnormal Security, the attack exploits ADFS, a single sign-on (SSO) solution that allows users to authenticate across multiple applications with a single set of credentials.
Threat actors craft highly convincing phishing pages that mirror the legitimate ADFS login portals of targeted organizations, tricking users into submitting their credentials and MFA details.
How the Attack Works
Cybercriminals execute this attack in multiple stages:
- Phishing email: Spoofed emails, appearing to be from the organization’s IT department, prompt users to visit a fraudulent ADFS login page
- Credential harvesting: The phishing site collects usernames, passwords and MFA codes
- Account takeover: Attackers use stolen credentials to access the organization’s network, conduct lateral phishing and perform financial fraud
Unlike traditional phishing scams that create a sense of urgency, these emails use more subtle social engineering tactics. The attackers even customize phishing pages based on an organization’s MFA setup, increasing the likelihood of success.
Critical Sectors at Risk
The report identified over 150 targeted organizations across multiple industries, with the education sector accounting for more than 50% of attacks. Other affected industries include:
- Healthcare (14.8%)
- Government (12.5%)
- Technology (6.3%)
- Transportation (3.4%)
Most affected organizations are in the US, Canada, Australia and Europe. Companies with legacy authentication systems like ADFS are particularly vulnerable, as many have yet to transition to Microsoft’s modern identity platform, Entra.
How Organizations Can Defend Themselves
Security experts recommend a multi-layered defense strategy:
- Migrate to modern identity solutions – Shift to platforms like Microsoft Entra to reduce reliance on ADFS
- Strengthen security awareness training – Educate employees on phishing tactics and psychological manipulation techniques
- Implement advanced detection tools – Use AI-powered email filtering and behavioral monitoring to detect phishing attempts
By proactively updating security measures and educating users, organizations can mitigate the risk of ADFS-based phishing attacks and better protect sensitive information.
Image credit: gguy / Shutterstock.com