Microsoft 365 users targeted by major phishing campaign

Someone’s going after C-level execs with tailored Microsoft 365 phishing emails


Someone is targeting high-profile individuals such as C-level executives with super-tailored phishing emails, cybersecurity researchers from Proofpoint have claimed.

The company says it has recently uncovered a major campaign whose goal is to steal Microsoft 365 accounts, leveraging a known phishing-as-a-service provider called EvilProxy.

This tool costs around $400 a month and was used to send some 120,000 phishing emails to more than a hundred organizations in the past couple of months. In this particular campaign, the threat actors are stealing login credentials and multi-factor authentication (MFA) codes by redirecting the users multiple times until they land on the specially crafted, malicious landing page. That not only allows them to steal the needed information, but also to evade detection.

Turkish threat actors?


“In order to hide the user email from automatic scanning tools, the attackers employed special encoding of the user email, and used legitimate websites that have been hacked, to upload their PHP code to decode the email address of a particular user,” Proofpoint said in its writeup.

“After decoding the email address, the user was forwarded to the final website – the actual phishing page, tailor-made just for that target’s organization.”
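A defender-side check for the pattern Proofpoint describes, as an added example that is not from the article or from Proofpoint: it scans a delivered or clicked URL for an email address hidden in a reversible encoding. The article does not say which encoding was used, so base64, hex and string reversal are assumptions here, as are the function names and the constructed sample URL.

```python
import base64
import re
from urllib.parse import urlsplit, parse_qsl, unquote

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def decodings(token):
    """Yield (encoding_name, text) guesses for one URL token.
    The encodings tried are assumptions; the article names none."""
    yield "plain", token
    yield "reversed", token[::-1]
    try:
        yield "hex", bytes.fromhex(token).decode("utf-8", "ignore")
    except ValueError:
        pass
    try:
        padded = token + "=" * (-len(token) % 4)  # repair stripped padding
        yield "base64", base64.urlsafe_b64decode(padded).decode("utf-8", "ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        pass

def embedded_emails(url):
    """Return {email: encoding} for addresses found in the URL's
    query values, path segments or fragment."""
    parts = urlsplit(url)
    tokens = [value for _, value in parse_qsl(parts.query)]
    tokens += [unquote(seg) for seg in parts.path.split("/") if seg]
    if parts.fragment:
        tokens.append(unquote(parts.fragment))
    found = {}
    for token in tokens:
        for name, text in decodings(token):
            match = EMAIL_RE.search(text)
            if match:
                found.setdefault(match.group(0).lower(), name)
    return found

def targets_recipient(url, recipient):
    """True when the URL carries this recipient's own address, a sign of a
    per-target link that deserves review before the user follows it."""
    return recipient.lower() in embedded_emails(url)

if __name__ == "__main__":
    # Constructed sample: a redirector script on a placeholder domain.
    sample = "https://compromised-site.example/r.php?u=Y2ZvQGV4YW1wbGUuY29t"
    print(embedded_emails(sample))
```

Run over mail-gateway or proxy logs, a hit on the recipient's own address in an encoded form is a useful triage signal for links that lead into a redirect chain.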

The researchers also speculate that the attackers are from Turkey, because users with Turkish IP addresses are redirected to the legitimate site immediately and the entire operation gets called off.


The researchers also determined that the entire operation was very precise. Targets that were “lower” in an organization’s hierarchy were ignored, or de-prioritized. Instead, high-position individuals, “VIP” targets, were more attractive. Almost two in five (39%) of the breached accounts were C-Suite, almost a tenth (9%) were CEOs and vice presidents, and almost a fifth (17%) were CFOs.


The rest were not executives, but still individuals with access to sensitive information, or financial assets.

The only way to defend against these attacks is to make sure the targets don’t fall for the trap and click on the link, or download the attachment, sent in these emails. FIDO-based physical keys can also help, the researchers concluded.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
