This dangerous phishing attack is targeting Microsoft users everywhere, so be on your guard
Date:
Thu, 11 May 2023 11:02:17 +0000
Description:
Greatness phishing service is seeing an uptick, so Microsoft users should watch out.
FULL STORY ======================================================================
Threat actors are increasingly using Greatness, a phishing -as-a-service (PhaaS) provider, to target businesses across the world with
authentic-looking landing pages that, in reality, just steal sensitive data.
According to a new report by Cisco Talos, the tool that was first set up in mid-2022 is seeing a significant uptick in users, as threat actors target Microsoft 365 accounts from companies in the United States, Canada, the U.K., Australia, and South Africa.
The attackers are going for firms in manufacturing, healthcare, technology, education, real estate, construction, finance, and business services industries, looking to obtain sensitive data, or user credentials. Simple setup
The worst part is that Greatness greatly simplifies the process of setting up a phishing campaign, significantly lowering the barrier for entry.
To attack a firm, the hackers need only do a few things: log into the service using their API key; provide a list of target email addresses; create the emails content (and change any other default details, as they see fit).
After that, Greatness handles the gruntwork of mailing the victims. Those
that fall for the trick and open the accompanying attachment, will receive an obfuscated JavaSCript code that connects with the services server and grabs the malicious landing page. Read more
These dangerous phishing attacks are more common than ever - here's what
you need to know
Thousands of Microsoft servers are at risk from some serious security bugs
Here's our list of the best firewalls around
The page itself is partly automated - it will grab the target companys log
and background image from the employers authentic Microsoft 365 login page, and will pre-fill the correct email address, making it more believable to the target.
The landing page then acts as a middleman between the user and the actual Microsoft 365 login page, moving through the authentication flow and even requesting the MFA code, if multi-factor authentication is set up on the account. Once the user logs in, the attackers grab the session cookie via Telegram, circumventing MFA and getting access.
"Authenticated sessions usually time out after a while, which is possibly one of the reasons the telegram bot is used - it informs the attacker about valid cookies as soon as possible to ensure they can reach quickly if the target is interesting," Ciscos report states. Check out the best malware removal tools right now
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/this-dangerous-phishing-attack-is-targeting-mic rosoft-users-everywhere-so-be-on-your-guard
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)