"However, it's important to note that any SaaS systems storing HR or payment and bank account information could be easily targeted with the same technique," Microsoft researchers said. "These attacks don't represent any vulnerability in the Workday platform or products, but rather financially motivated threat actors using sophisticated social engineering tactics and taking advantage of the complete lack of multifactor authentication (MFA) or lack of phishing-resistant MFA to compromise accounts."
The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, "we have observed high-confidence account takeovers in multiple entities," the threat intel team told us. "By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers."
