Phishing has evolved and now it looks legitimate.
These attacks are hitting Microsoft 365 users hardest. Why? Because they blend in:
- Microsoft IP addresses
- Real-looking session flows
- Hijacked 2FA tokens
- Credential-harvesting PDFs
The result? 241% spike in Axios activity from June to August 2025, and up to 70% success rates in credential theft.
In a recent report, security researchers revealed how attackers are combining Axios, a common HTTP client used in modern web apps, with Microsoft’s Direct Send email feature to deliver phishing emails that bypass traditional filters and land directly in user inboxes.
Simultaneously, a new phishing-as-a-service (PhaaS) kit called Salty 2FA is intercepting multi-factor authentication tokens, stealing credentials even from users who “do everything right.”
Every Business Is Exposed, Unless Your Security Is Unified
These tactics don’t require zero-day exploits. They succeed because most businesses rely on disjointed security tools and inconsistent user training. What’s worse, they mask the true cost of risk behind productivity loss, remediation time, and customer distrust.
This is a component of the “hidden crime tax” most organizations are paying it without knowing.
BTI’s Response: Unified, Integrated, Gap-Free Cybersecurity
BTI is unique among MSPs. We don’t resell disconnected tools or patch together partial coverage. Our security stack is:
- Enterprise-Grade Tools: We deploy only the industry’s most trusted high-performance solutions, selected for their effectiveness, not their margins.
- Teamwork: We team with our clients and their IT teams and vendors to ensure the layers of security in personnel, policy, network infrastructure, security systems, voip, and SAAS systems are optimized and informed with proactive vulnerability management that evolve to address constant changes in the environment
- Expert Oversight: All systems are actively monitored and managed by NOC and SOC teams, backed by certified engineers across every technology domain including but not limited to the M365, cloud, SAAS, electronic security, VoIP, contact center, SMS, SD-WAN, and mobile device technologies.
How BTI Closes this Current M365 Attack Vector
| Security Layers | How BTI Locks it Down |
|---|---|
| Microsoft 365 E-mail Security | Advanced, behavior-based filtering blocks Axios-powered phishing and Direct Send exploits before inbox delivery. |
| Multi-Factor Authentication (2FA) | BTI implements hardened MFA with push token validation, real-time session analysis, and anti-replay protections to neutralize Salty-style phishing kits. |
| Vulnerability Management | Proactive, automated scanning and patching of endpoints, servers, and edge devices, eliminating known exploits before actors can weaponize them. |
| Network Architecture (SD-WAN/VPN) | BTI-engineered segmentation, encrypted tunnels, and policy-driven traffic control reduce blast radius and lateral movement in breach attempts. |
| Unified Threat Detection & Response | Continuous monitoring by SOC/NOC teams, with centralized alerting, forensic logging, and coordinated response across all attack surfaces. |
| User Awareness & Training | Ongoing, adaptive training ensures users can identify modern phishing tactics, like MFA fatigue, QR-code baiting, and Axios-based lures. |
Our Cybersecurity Stack Isn’t Just “Best Practices.” It’s Best in Class
Where most MSPs offer a tool as a package or bundle, BTI builds what’s necessary. That means:
- Enterprise Class Tools without the Enterprise Bloat
- Automation where it matters, human oversight where it’s critical
- Expert Design and Real Human Support
Most customers either have a false sense of security or a lack of understanding and visibility.
Axios abuse and Salty 2FA kits don’t just prove that phishing is alive, they show that even the best platforms won’t save you if any of your patchwork of vendors for any individual business technology is negligent or unaware. This particular attack uses your systems and abuses your negligence to hijack your business. If after hearing about it, you find you had to take action to fix it after the fact, you’ll probably have bigger problems in the future. What action are you taking to make sure you’re not vulnerable to the next one and the one after that?
BTI Communications Group provides active defenses, teamwork, and actual expertise that you need right now.
Contact BTI today for a free vulnerability assessment. Eliminate the hidden crime tax, and secure your environment for the future.
Stay Ahead of Microsoft 365 Breaches and Compliance Risks.
BTI helps you prevent account takeovers, protect sensitive data, and meet strict compliance requirements.
