MFA bypasses dominate financial services attacks
VentureBeat
Cybercriminals are increasingly targeting financial services by bypassing multi-factor authentication (MFA) through social engineering and token theft, rather than traditional password phishing. Attackers impersonate IT support to trick employees into resetting MFA, allowing them to register their own devices and gain persistent access. A new phishing-as-a-service platform, Kali365, exploits a legitimate Microsoft OAuth flow to capture tokens, granting access to services like Outlook and Teams without triggering further MFA prompts. This shift, detailed in reports from CrowdStrike and Verizon, highlights a critical gap in current security strategies that heavily rely on password-based defenses.
Tags
security
fintech
regulation
Original Source
VentureBeat — venturebeat.com