EvilProxy Hits Microsoft 365 Business Accounts

A phishing campaign using the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers in organisations around the world.

Researchers at Proofpoint recently identified that these threat actors have been using a phishing-as-a-service tool called EvilProxy to target cloud-based Microsoft 365 accounts and steal credentials that were previously protected by multi-factor authentication (MFA), along with session cookies.

Proofpoint’s researchers say that over the last six months they have seen a significant increase of over 100% in cloud account takeover incidents affecting companies worldwide. “Since early March, Proofpoint researchers have been monitoring an ongoing hybrid campaign using EvilProxy to target thousands of Microsoft 365 user accounts... This campaign’s overall spread is impressive, with approximately 120,000 phishing emails sent to hundreds of targeted organisations across the globe between March and June 2023,” says Proofpoint.

The Proofpoint researchers say that the EvilProxy threat combines sophisticated Adversary-in-the-Middle phishing with advanced account takeover methods. This appears to be a response to the growing adoption of MFA by many organisations.

The attackers impersonate services such as DocuSign, Adobe and the business expense management system Concur. Emails that appeared to come from these companies contained malicious URLs that initiated a multi-step infection chain.

Once the victim user provided their credentials, attackers could log into their Microsoft 365 account within seconds, indicating a streamlined and automated process.
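As an added example (not from Proofpoint or the original article), the following Python checks sign-in records for a session that is presented from a different IP address within seconds of an MFA-satisfied sign-in, the pattern a stolen session cookie would produce. The event fields and sample records are constructed for illustration and are not a real Microsoft 365 log schema.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in events. Field names are hypothetical and do not
# reproduce any real Microsoft 365 log schema; IPs are documentation ranges.
SAMPLE_EVENTS = [
    {"ts": "2023-06-01T09:00:00", "user": "cfo@example.com", "session": "s-100",
     "ip": "198.51.100.7", "agent": "Chrome/114", "mfa": True},
    {"ts": "2023-06-01T09:00:12", "user": "cfo@example.com", "session": "s-100",
     "ip": "203.0.113.45", "agent": "python-requests", "mfa": False},
    {"ts": "2023-06-01T09:05:00", "user": "pa@example.com", "session": "s-200",
     "ip": "192.0.2.10", "agent": "Edge/114", "mfa": True},
    {"ts": "2023-06-01T13:30:00", "user": "pa@example.com", "session": "s-200",
     "ip": "192.0.2.99", "agent": "Edge/114", "mfa": False},
    {"ts": "2023-06-01T09:10:00", "user": "hr@example.com", "session": "s-300",
     "ip": "192.0.2.20", "agent": "Firefox/115", "mfa": True},
    {"ts": "2023-06-01T09:10:05", "user": "hr@example.com", "session": "s-300",
     "ip": "192.0.2.20", "agent": "Firefox/115", "mfa": False},
]


def find_session_reuse(events, window_seconds=60):
    """Return alerts for sessions reused from a new IP soon after MFA sign-in."""
    window = timedelta(seconds=window_seconds)
    anchors = {}  # session id -> (time, ip, agent) of the MFA-satisfied sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):  # ISO timestamps sort as text
        when = datetime.fromisoformat(ev["ts"])
        if ev["mfa"]:
            anchors[ev["session"]] = (when, ev["ip"], ev["agent"])
            continue
        if ev["session"] not in anchors:
            continue  # no interactive sign-in seen for this session
        start, ip, agent = anchors[ev["session"]]
        if ev["ip"] != ip and when - start <= window:
            alerts.append({
                "user": ev["user"],
                "session": ev["session"],
                "delay_s": int((when - start).total_seconds()),
                "ips": (ip, ev["ip"]),
                "agent_changed": ev["agent"] != agent,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print(alert)
```

An address change alone also happens with VPN or mobile network switches, so a hit is a triage signal to weigh together with the user-agent change and the delay.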

Proofpoint’s researchers said that threat actors often target specific job functions or departments, and their methods and techniques must constantly evolve, such as finding ways to bypass MFA. Contrary to popular belief, not even MFA works as a silver bullet against sophisticated cloud-based threats. The researchers said malicious actors can hide undetected in an organisation’s environment once they are inside the network, waging attacks such as email fraud, including business email compromise.

The EvilProxy kit was first detected in May 2022, according to the cyber security company Resecurity, when its developers posted a video tutorial on its use. As of last fall, the package was available on the dark web for $400.

Organisations can only defend against this threat through higher security awareness, stricter email filtering rules, and adopting FIDO-based physical keys.

Sources: SC Media, Proofpoint, IT Security News, Bleeping Computer, The Record, Resecurity

 
