Ongoing phishing campaigns - Microsoft 365
Wed, May 21, 2025
Beware of ongoing phishing campaigns targeting organisations that use Microsoft 365, specifically Office 365 tenants where Multi-Factor Authentication (MFA) is not enforced!
If MFA is not enabled on a user’s Microsoft 365 account, a successful phishing attack allows the attacker to immediately access the account using the stolen credentials.
In the past 7 days, CIRCL observed more than 48 organisations in Luxembourg with compromised Microsoft 365 accounts.
CIRCL has published a series of recommendations in the following report: https://www.circl.lu/pub/tr-94/