May 13, 2023 | Ravi Lakshmanan

A new Phishing-as-a-Service (PhaaS or PaaS) platform named Greatness has been used by cybercriminals to target business users of Microsoft 365 cloud services since at least mid-2022, effectively lowering the entry barrier for phishing attacks.

“Greatness is currently focused solely on Microsoft 365 phishing pages and provides affiliates with an attachment and link builder that creates compelling decoy and login pages,” said Cisco Talos researcher Tiago Pereira.

“This includes features such as pre-filling the victim’s email address and displaying the appropriate company logo and background image extracted from the targeted organization’s actual Microsoft 365 login page.”

Campaigns involving Greatness have targeted manufacturing, healthcare, and technology entities primarily located in the US, UK, Australia, South Africa, and Canada, with spikes in activity detected in December 2022 and March 2023.


Phishing kits like Greatness provide attackers, newcomers included, with a cost-effective and scalable one-stop shop for designing compelling login pages associated with various online services and for bypassing two-factor authentication (2FA) protection.

Specifically, the authentic-looking decoy pages act as a reverse proxy that collects the credentials and time-based one-time passwords (TOTPs) entered by victims.


The attack chain begins with a malicious email containing an HTML attachment. Upon opening, the attachment runs obfuscated JavaScript code that redirects the user to a landing page pre-filled with the recipient’s email address, which prompts for their password and MFA code.

The entered credentials and tokens are then forwarded to the affiliate’s Telegram channel, to be used for gaining unauthorized access to the account in question.
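As an added example (not code from Talos or from the original article), the following Python triage checks HTML attachments for the traits of the delivery stage described above: script content, decoder calls typical of obfuscated JavaScript, a redirect, and the recipient's own address embedded in clear text or base64. The regexes, the function names, the single `To` recipient, and the sample message are assumptions constructed for illustration.

```python
import base64
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Generic heuristics chosen for this example; assumptions, not signatures from the report.
DECODERS = re.compile(r"\b(?:atob|unescape|eval|String\.fromCharCode)\s*\(")
REDIRECT = re.compile(r"location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\(|http-equiv=[\"']?refresh", re.I)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def recipient_embedded(html, rcpt):
    """True if the recipient address is in the HTML, in clear text or inside a base64 run."""
    candidates = [html]
    for run in B64_RUN.findall(html):
        try:
            candidates.append(base64.b64decode(run + "=" * (-len(run) % 4)).decode("utf-8", "ignore"))
        except ValueError:  # the run was not valid base64 after all
            continue
    return any(rcpt.lower() in c.lower() for c in candidates)

def triage(raw):
    """Map each HTML attachment's filename to the sorted list of indicators found in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    rcpt = msg["To"].addresses[0].addr_spec  # assumes one To: recipient
    report = {}
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        html = part.get_content()  # transfer encoding and charset are decoded here
        checks = {
            "script": "<script" in html.lower(),
            "decoder_call": bool(DECODERS.search(html)),
            "redirect": bool(REDIRECT.search(html)),
            "recipient_embedded": recipient_embedded(html, rcpt),
        }
        report[part.get_filename()] = sorted(k for k, hit in checks.items() if hit)
    return report

def constructed_sample():
    """Constructed, inert test message; hosts use reserved .invalid/.example names."""
    rcpt = "victim@corp.example"
    blob = base64.b64encode(f"https://landing.invalid/?u={rcpt}".encode()).decode()
    msg = EmailMessage()
    msg["To"], msg["Subject"] = rcpt, "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(f"<script>location.href = atob('{blob}');</script>", subtype="html", filename="invoice.html")
    msg.add_attachment("<p>Quarterly report</p>", subtype="html", filename="report.html")
    return msg.as_bytes()
```

An attachment that trips all four indicators at once is a strong candidate for quarantine; any single indicator alone is common in legitimate HTML and should only raise the score.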

The AiTM phishing kit also comes with an admin panel that allows affiliates to set up Telegram bots, track stolen information, and build booby-trapped attachments and links.


Additionally, each affiliate must have a valid API key to be able to load the phishing page. API keys also prevent unwanted IP addresses from viewing phishing pages and facilitate behind-the-scenes communication with real Microsoft 365 login pages while impersonating victims.


“Phishing kits and APIs work together to carry out a ‘man-in-the-middle’ attack, request information from the victim, and the API sends that information to the legitimate login page in real time,” Pereira said.

“This allows PaaS affiliates to steal usernames and passwords in addition to authenticated session cookies if the victim is using MFA.”

The findings come as Microsoft began, after May 8, 2023, to enforce number matching in Microsoft Authenticator push notifications to boost 2FA protection and fend off prompt bombing attacks.
