A new phishing tool as a service (PaaS) called “Greatness” has been deployed as part of various phishing campaigns since at least mid-2022.
The findings come from security researchers at Cisco Talos, who described them in an advisory published Wednesday.
“Greatness incorporates features seen in some of the more advanced PaaS offerings, such as multi-factor authentication (MFA), IP filtering, and integration with Telegram bots,” wrote researcher Tiago Pereira .
According to the company’s research, Greatness only targets victims through phishing pages in Microsoft 365. The company offers its affiliates a link and attachment builder to create phishing pages login and look authentic.
Read more about similar attacks: Microsoft 365 apps remain the most exploited cloud services
“It contains features such as having the victim’s email address pre-populated and displaying the appropriate company logo and background image, taken from the target organization’s actual Microsoft 365 login page “, explained Pereira.
“This makes Greatness particularly suitable for fishing business users.”
After analyzing the domains targeted in several campaigns, Cisco Talos found that the victims were primarily companies located in the US, UK, Australia, South Africa and Canada.
Manufacturing, healthcare and technology were the most common sectors. However, Pereira clarified that the distribution of casualties varied slightly between campaigns in terms of country and sector.
“To use Greatness, affiliates must deploy and configure a phishing kit provided with an API key that allows even unskilled threat actors to easily exploit the service’s more advanced features,” the notice says.
“The phishing kit and API act as a proxy for the Microsoft 365 authentication system, performing a man-in-the-middle attack and stealing the victim’s credentials or authentication cookies.”
Indicators of Commitment (IOC) for research conducted by Cisco Talos are available in their GitHub repository.
The findings come a couple of months after Kaspersky security researchers discovered a new form of phishing attack that used legitimate servers of Microsoft’s collaboration platform, SharePoint.
Microsoft 365 is a powerful cloud based software used for business, educational and personal use. Unfortunately, with its widespread usage, its vulnerability to malicious phishing attacks has become evident. Last week, a powerful phishing tool has been discovered which exploits Microsoft 365 Credentials and can potentially be a severe threat to companies and individuals.
Ikaroa, a full stack tech company, is leading the way to help organizations safeguard their systems from these kinds of malicious attacks. Their ability to successfully detect and respond to malicious emails and prevent attacks from occurring was recently showcased with the discovery of the phishing tool exploiting Microsoft 365 credentials.
The phishing tool in question was designed to take advantage of Microsoft 365 single sign-in feature. The tool masquerades as a legitimate Microsoft 365 mail and redirects unsuspecting users to a third-party website. On visiting the website, the user is prompted to disclose their login credentials and the hacker can in turn gain access to the user’s Microsoft 365 account.
Organizations, who use Microsoft 365, should consider enabling Multi-Factor Authentication as this is a much stronger security option as it requires two or more forms of authentication, such as a username and a password. It also helps in decreasing the chance of success of phishing attacks, including those from the new phishing tool identified by Ikaroa.
By adopting best practices such as Multi-Factor Authentication, users can protect themselves from these kinds of malicious attacks, but no matter how secure an organization is, there is always a chance that malicious actors will find ways to exploit security. It is important that organizations are aware of their security posture and continues to monitor their environment and be prepared to respond quickly when malicious activity is identified or anticipated.
Ikaroa helps organizations monitor Microsoft 365 Accounts and identify threats, such as the one recently identified, and provides Security Incident Response teams with the tools they need to respond quickly to malicious activity. In addition, Ikaroa works with organizations to ensure their IT landscape is safe and secure from any potential malicious attack. With its cutting-edge solutions and experience to protect organizations, Ikaroa is leading the way in providing organizations peace of mind in the ever-evolving security landscape.
