But let’s see where it comes from.
Threat actors are increasingly using Greatness, a phishing-as-a-service (PhaaS) provider, to target companies around the world with authentic-looking landing pages that are actually just stealing sensitive data.
According to a new report from Cisco Talos, the tool, which was first created in mid-2022, is experiencing a significant increase in users as threat actors target Microsoft 365 accounts of companies in the United States, Canada, United Kingdom, Australia and South Africa.
Attackers target companies in the manufacturing, healthcare, technology, education, real estate, construction, finance and business services industries, seeking to obtain sensitive data or user credentials.
Simple setup
What’s worse is that Greatness greatly simplifies the process of setting up a phishing campaign, significantly lowering the barrier to entry.
To attack a company, hackers only need to do a few things: log into the service with their API key; provide a list of destination email addresses; create the email content (and change any other default details as they see fit).
After that, Greatness does the grunt work of mailing the victims. Those who fall for the trick and open the accompanying attachment will receive obfuscated JavaScript code that connects to the service’s server and grabs the malicious landing page.
The page itself is partially automated: it will take the target company’s registration and background image from the employer’s authentic Microsoft 365 login page and pre-populate the correct email address, making the page look as credible as possible to the target.
The landing page then acts as an intermediary between the user and the actual Microsoft 365 login page, moving them through the authentication flow and even requesting the MFA code, if multifactor authentication is set up on the account. Once the user logs in, attackers grab the session cookie through Telegram, bypassing MFA and gaining access.
“Authenticated sessions usually time out after a while, which is possibly one of the reasons why the Telegram bot is used – it informs the attacker about valid cookies as soon as possible to ensure that they can arrive quickly if the target is interesting,” the Cisco report states.
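A defender-side illustration of the session-cookie theft described above, added here and not taken from the Cisco Talos report or the original article: it flags a session identifier that is later presented from a different IP address than the one that completed sign-in, rating it higher when the reuse comes quickly or from a different user agent. The event records and field names are constructed and hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample session events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"ts": "2023-05-10T09:00:05", "session": "s-1001", "user": "alice@example.com",
     "ip": "198.51.100.7", "ua": "Edge/113 Windows"},      # sign-in + MFA
    {"ts": "2023-05-10T09:02:40", "session": "s-1001", "user": "alice@example.com",
     "ip": "203.0.113.44", "ua": "python-requests/2.28"},  # cookie reused elsewhere
    {"ts": "2023-05-10T09:10:00", "session": "s-2002", "user": "bob@example.com",
     "ip": "192.0.2.10", "ua": "Chrome/113 macOS"},
    {"ts": "2023-05-10T09:45:00", "session": "s-2002", "user": "bob@example.com",
     "ip": "192.0.2.10", "ua": "Chrome/113 macOS"},        # same client, benign
    {"ts": "2023-05-10T10:00:00", "session": "s-3003", "user": "carol@example.com",
     "ip": "192.0.2.77", "ua": "Firefox/113 Linux"},
    {"ts": "2023-05-10T18:30:00", "session": "s-3003", "user": "carol@example.com",
     "ip": "198.51.100.90", "ua": "Firefox/113 Linux"},    # late network change
]

def find_session_replay(events, fast=timedelta(hours=1)):
    """Flag sessions whose cookie is presented from another IP than the sign-in.

    Severity is "high" when the user agent also differs or the reuse happens
    within `fast` of sign-in (stolen cookies are used before they time out);
    otherwise "low", e.g. a laptop that moved networks hours later.
    """
    origin = {}  # session id -> (sign-in time, first event seen for that session)
    alerts = {}  # session id -> alert; one per session, upgraded low -> high
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, sid = datetime.fromisoformat(ev["ts"]), ev["session"]
        if sid not in origin:
            origin[sid] = (ts, ev)
            continue
        t0, first = origin[sid]
        if ev["ip"] == first["ip"]:
            continue  # same network origin as the sign-in
        quick = ts - t0 <= fast
        severity = "high" if quick or ev["ua"] != first["ua"] else "low"
        if sid in alerts and (alerts[sid]["severity"] == "high" or severity == "low"):
            continue  # keep the existing alert unless this one upgrades it
        alerts[sid] = {"session": sid, "user": ev["user"], "severity": severity,
                       "signin_ip": first["ip"], "reuse_ip": ev["ip"],
                       "seconds_after_signin": int((ts - t0).total_seconds())}
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_session_replay(EVENTS):
        print(alert)
```

Because the landing page sits between the user and the real login page, the address recorded at sign-in may belong to that intermediary rather than to the user; the check compares later use of the cookie against whichever client completed sign-in.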
Via: Bleeping Computer
It is imperative for Microsoft users everywhere to remain vigilant and on their guard against a dangerous phishing attack that is currently circulating. According to a recent report by TechToday, people should take notice to protect their personal data and financial information.
The malicious attack involves an attacker sending a seemingly legitimate link that appears to be from Microsoft, asking the recipient to update their account information. Once clicked on, it will take users to a website that downloads a virus. If this website is accessed, the attacker can use personal data and sensitive financial information while simultaneously installing malware on the user’s computer.
At Ikaroa we understand just how difficult and time consuming it is to remain vigilant and up to date with all of the latest cyber threats. To assist with this, we have put together a comprehensive cyber security package to help keep our clients safe. This includes regularly updated firewalls, malware protection, system monitoring and patching, and 24/7 security incident response services.
For those looking for other methods to protect themselves from phishing scams, it is important to be wary of any suspicious emails, links or attachments and to only provide personal or financial information on trusted websites. Lastly, ensure you are running secure anti-virus software and a firewall, and regularly keeping your operating system up to date.
At Ikaroa, we take cyber security seriously and are committed to helping our clients protect their information and data. With our secure and reliable cyber security package, our clients can rest assured that their data is safe.