Darktrace researchers have outlined a particularly scary scenario of how threat actors are bypassing MFA and using artificial intelligence to launch sophisticated phishing attacks against users.

The case study “leveraged legitimate Dropbox infrastructure and successfully bypassed multifactor authentication (MFA) protocols…which highlights the growing exploitation of legitimate popular services to trick targets into downloading malware and revealing login credentials.” The threat actors rely on users trusting legitimate emails and logos in order to harvest credentials.

In the case study, a legitimate Dropbox domain was used to lure the user into believing it was real: “no-reply@dropbox[.]com.”

According to an interview by Infosecurity Magazine, this is a legitimate email address used by the Dropbox file storage service.

The email contained a link that would lead the user to a PDF file hosted on Dropbox, which was seemingly named after a partner of the organization.

This PDF file contained a suspicious link to a domain that had never previously been seen on the customer’s environment, named “mmv-security[.]top.”

Although Darktrace detected the email, the user received a second email urging them to open the first PDF. The user clicked on the link and was directed to a fake Microsoft 365 login page, where the user probably accepted an MFA push. The article is very interesting and informative on the newest ways threat actors are obtaining credentials and using AI to attack users. Users need to be as suspicious of the abuse of legitimate platforms as they are of fake ones, and should always be cautious about accepting MFA requests they did not initiate.
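The two detection points in the chain described above are (1) a domain never previously seen in the environment and (2) an MFA push approved shortly after that visit. The following is an added illustration of how a defender might correlate those two signals; it is not Darktrace's code or part of the original post. The log format, the user names, the baseline domain set and the timestamps are all constructed for the example; the domain mmv-security[.]top is the one named in the case study and is written defanged, as the post writes it.

```python
"""
Correlate first-seen domains with MFA push approvals.

Added example, not from Darktrace or the original article. All log lines,
user names and the baseline domain set below are constructed; only the
defanged domain mmv-security[.]top comes from the case study.
"""
from datetime import datetime
from urllib.parse import urlparse

# Constructed baseline: registrable domains the environment has contacted before.
# In a real deployment this is built from weeks of historical proxy/DNS logs.
KNOWN_DOMAINS = {
    "dropbox.com",
    "www.dropbox.com",
    "login.microsoftonline.com",
    "outlook.office.com",
}

# Constructed proxy log lines in the form "<timestamp> <user> <url>".
SAMPLE_WEB_LOGS = [
    "2024-05-01T09:01:12Z alice https://www.dropbox.com/s/abc123/partner-invoice.pdf",
    "2024-05-01T09:02:45Z alice https://mmv-security[.]top/office365/login",
    "2024-05-01T09:03:10Z alice https://login.microsoftonline.com/common/oauth2/authorize",
]

# Constructed MFA log lines in the form "<timestamp> <user> mfa_push <result>".
SAMPLE_MFA_LOGS = [
    "2024-05-01T09:04:02Z alice mfa_push approved",
    "2024-05-01T11:30:00Z bob mfa_push approved",
]


def refang(text):
    """Turn the defanged 'example[.]com' notation back into a resolvable form."""
    return text.replace("[.]", ".")


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def domain_of(url):
    """Lower-cased host part of a URL, or '' if none can be parsed."""
    return (urlparse(refang(url)).hostname or "").lower()


def registrable(domain):
    # Crude approximation: the last two labels. Production code should use
    # the Public Suffix List so that e.g. 'co.uk' is handled correctly.
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def first_seen_alerts(web_lines, known_domains):
    """Return (timestamp, user, host) for each visit to a registrable domain
    not in the baseline. The baseline is extended as alerts fire, so a
    repeated visit to the same new domain is reported only once."""
    seen = {registrable(d) for d in known_domains}
    alerts = []
    for line in web_lines:
        ts, user, url = line.split(" ", 2)
        host = domain_of(url)
        reg = registrable(host)
        if reg and reg not in seen:
            alerts.append((ts, user, host))
            seen.add(reg)
    return alerts


def correlate_mfa(alerts, mfa_lines, window_minutes=15):
    """Flag MFA push approvals by a user within window_minutes after that
    same user visited a first-seen domain. This is the 'fake login page,
    then accepted push' pattern described in the case study."""
    hits = []
    for line in mfa_lines:
        ts, user, kind, result = line.split(" ")
        if kind != "mfa_push" or result != "approved":
            continue
        approved_at = parse_ts(ts)
        for a_ts, a_user, a_host in alerts:
            delta = (approved_at - parse_ts(a_ts)).total_seconds()
            if a_user == user and 0 <= delta <= window_minutes * 60:
                hits.append({"user": user, "mfa_time": ts, "domain": a_host})
    return hits


def run(web_lines=SAMPLE_WEB_LOGS, mfa_lines=SAMPLE_MFA_LOGS):
    alerts = first_seen_alerts(web_lines, KNOWN_DOMAINS)
    return alerts, correlate_mfa(alerts, mfa_lines)


if __name__ == "__main__":
    new_domains, suspicious_pushes = run()
    for ts, user, host in new_domains:
        print(f"[first-seen domain] {ts} {user} -> {host}")
    for hit in suspicious_pushes:
        print(f"[MFA push after new domain] {hit}")
```

On the constructed input the Dropbox and Microsoft hosts fall inside the baseline, only the mmv-security[.]top visit is reported as a first-seen domain, and alice's push approval 77 seconds later is flagged while bob's unrelated approval is not. The value of the correlation is that a first-seen domain on its own is noisy, but a first-seen domain followed within minutes by an MFA approval from the same user is a much tighter signal for the push-acceptance step the article describes.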



Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security Team. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law. Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.