• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
new phishing as a service platform lets cybercriminals generate convincing phishing pages

New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages

You are here: Home / General Cyber Security News / New Phishing-as-a-Service Platform Lets Cybercriminals Generate Convincing Phishing Pages
May 13, 2023

A new phishing-as-a-provider (PhaaS or PaaS) system named Greatness has been leveraged by cybercriminals to focus on business users of the Microsoft 365 cloud services due to the fact at least mid-2022, proficiently decreasing the bar to entry for phishing attacks.

“Greatness, for now, is only focused on Microsoft 365 phishing pages, supplying its affiliates with an attachment and website link builder that results in hugely convincing decoy and login pages,” Cisco Talos researcher Tiago Pereira stated.

“It includes functions these as possessing the victim’s email tackle pre-loaded and exhibiting their proper organization brand and background graphic, extracted from the focus on organization’s actual Microsoft 365 login webpage.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Campaigns involving Greatness have generally producing, health and fitness care, and technology entities situated in the U.S., the U.K., Australia, South Africa, and Canada, with a spike in action detected in December 2022 and March 2023.

Cybersecurity

Phishing kits like Greatness provide menace actors, rookies or in any other case, a charge-powerful and scalable one-halt store, generating it achievable to layout convincing login webpages associated with different on the web solutions and bypass two-factor authentication (2FA) protections.

Specially, the genuine-wanting decoy webpages function as a reverse proxy to harvest credentials and time-primarily based a single-time passwords (TOTPs) entered by the victims.

phishing-as-a-service

Attack chains start with malicious emails that contains an HTML attachment, which, upon opening, executes obfuscated JavaScript code that redirects the consumer to a landing webpage with the recipient’s email deal with currently pre-stuffed and prompts for their password and MFA code.

The entered qualifications and tokens are subsequently forwarded to the affiliate’s Telegram channel for acquiring unauthorized obtain to the accounts in dilemma.

The AiTM phishing kit also comes with an administration panel that allows the affiliate to configure the Telegram bot, hold track of stolen details, and even develop booby-trapped attachments or one-way links.

Future WEBINARLearn to End Ransomware with Actual-Time Safety

Sign up for our webinar and study how to halt ransomware attacks in their tracks with serious-time MFA and assistance account protection.

Help you save My Seat!

What is actually a lot more, every affiliate is envisioned to have a valid API key in get to be capable to load the phishing page. The API vital also helps prevent undesirable IP addresses from viewing the phishing web site and facilitates driving-the-scenes interaction with the genuine Microsoft 365 login page by posing as the victim.

phishing-as-a-service

“Working collectively, the phishing package and the API carry out a ‘man-in-the-middle’ attack, requesting info from the target that the API will then submit to the legitimate login website page in true time,” Pereira stated.

“This enables the PaaS affiliate to steal usernames and passwords, alongside with the authenticated session cookies if the target makes use of MFA.”

The conclusions come as Microsoft has begun enforcing amount matching in Microsoft Authenticator thrust notifications as of May well 8, 2023, to make improvements to 2FA protections and fend off prompt bombing attacks.

Located this post intriguing? Observe us on Twitter  and LinkedIn to read far more exclusive content material we post.


Some elements of this short article are sourced from:
thehackernews.com

Previous Post: «xworm malware exploits follina vulnerability in new wave of attacks XWorm Malware Exploits Follina Vulnerability in New Wave of Attacks
Next Post: Shift Everywhere: Download This Ultimate Guide to Integrating AppSec in DevOpswww.checkmarx.comDevSecOps / AppSecCheckmarx One, it's an investment in growth.Drive sales with the most trusted AppSec platform. Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Enzo Biochem Hit by Ransomware, 2.5 Million Patients’ Data Compromised
  • US and Korean Agencies Issue Warning on North Korean Cyber-Attacks
  • Malicious PyPI Packages Use Compiled Python Code to Bypass Detection
  • New Botnet Malware ‘Horabot’ Targets Spanish-Speaking Users in Latin America
  • The Importance of Managing Your Data Security Posture
  • Camaro Dragon Strikes with New TinyNote Backdoor for Intelligence Gathering
  • Insurers Predict $33bn Bill for Catastrophic “Cyber Event”
  • Chinese Phishing Gang “PostalFurious” Expands Campaign
  • Kaspersky Says it is Being Targeted By Zero-Click Exploits
  • North Korea’s Kimsuky Group Mimics Key Figures in Targeted Cyber Attacks

Copyright © TheCyberSecurity.News, All Rights Reserved.