1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft 365 users need to be on their guard new phishing campa

    From TechnologyDaily@1337:1/100 to All on Mon Jan 29 18:30:05 2024
    Microsoft 365 users need to be on their guard new phishing campaign could cause some serious damage, and it's being offered for sale for barely nothing to lure new criminals in

    Date:
    Mon, 29 Jan 2024 18:25:35 +0000

    Description:
    Greatness phishing kit comes with quite a few bells and whistles and is being offered for a low price.

    FULL STORY ======================================================================

    A new report from Trustwave cybersecurity researchers SpiderLabs has claimed hackers are increasingly turning to the Greatness phishing kit due to its advanced features, simplicity in use, and relatively low cost.

    Greatness was developed by a threat actor going by the alias fisherstell and has been available since mid-2022, primarily targeting Microsoft 365 office software users.

    Other hackers can rent the tool to get everything they need to launch a successful phishing campaign - from email generation, to anti-detection measures, to an active community happy to help. Bypassing MFA

    To purchase a license, hackers would need to go to the tools Telegram channel and pay $120 a month, in Bitcoin. After that, they get customizable email elements where they can tweak sender names, email addresses, subjects, messages, attachments, and QR codes. They can also use features such as randomizing headers, encoding, and other obfuscation techniques aimed at bypassing email security filters and making it into the victims inboxes.

    While all of the features probably sound enticing, its the price that makes all the difference, Trustwave hints. This signifies the widening availability for anyone to launch phishing campaigns with a minimal charge of $120 per month in Bitcoin, lowering the barrier of entry for cybercrime, the company said .

    The kit is designed to target Microsoft 365 accounts credentials. It can even bypass multi-factor authentication (MFA) solutions, by asking victims for the codes sent to their phones and email addresses. Finally, the usernames and passwords that get extracted via this phishing attack get sent to the attackers through Telegram, once again.

    To remain secure, Microsoft 365 users are advised to be careful when reading and reacting to emails, especially those that carry a sense of urgency (pending transaction, returning parcel, salary inquiries, etc.), or attachments which could be malware . More from TechRadar Pro What is phishing and how dangerous is it? Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-365-users-need-to-be-on-their -guard-new-phishing-campaign-could-cause-some-serious-damage-and-its-being-off ered-for-sale-for-barely-nothing-to-lure-new-criminals-in


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)