EvilProxy Hits Microsoft 365 Business Accounts

A phishing campaign using the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers in organisations around the world.

Researchers at Proofpoint recently identified that these threat actors have been using a phishing-as-a-service tool called EvilProxy to target cloud-based Microsoft 365 accounts and steal credentials that had been protected by multi-factor authentication (MFA), along with the associated session cookies.

Proofpoint's researchers say that in the last six months they have seen a significant increase, of over 100%, in cloud account takeover incidents affecting companies worldwide. “Since early March, Proofpoint researchers have been monitoring an ongoing hybrid campaign using EvilProxy to target thousands of Microsoft 365 user accounts... This campaign’s overall spread is impressive, with approximately 120,000 phishing emails sent to hundreds of targeted organisations across the globe between March and June 2023,” says Proofpoint.

The Proofpoint researchers say that the EvilProxy threat uses sophisticated Adversary-in-the-Middle phishing together with advanced account takeover methods; this appears to be a response to the growing adoption of MFA by many organisations.

The attackers present themselves to the victim as a service such as DocuSign, Adobe or the business expense management system Concur. Emails that appear to come from these companies contain malicious URLs that initiate a multi-step infection chain.

Once the victim user provided their credentials, attackers could log into their Microsoft 365 account within seconds, indicating a streamlined and automated process.
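As an added example that is not part of the article or of Proofpoint's research, the following Python checks constructed sign-in records for the pattern the previous sentence describes: a session that completed MFA from one address is reused from a different address shortly afterwards with no new MFA challenge, which is what a stolen session cookie looks like in a tenant's logs. The record fields, user names and RFC 5737 test addresses are assumptions; real sign-in logs use their own field names.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class SignIn:
    user: str
    ts: datetime       # when the tenant recorded the event
    ip: str            # client address the tenant saw
    session_id: str    # identifies the browser session (the cookie)
    mfa: bool          # True if this event completed an MFA challenge

def parse(ts):
    return datetime.fromisoformat(ts)

# Constructed sample events (hypothetical users, RFC 5737 test addresses).
# alice's MFA sign-in is recorded from the proxy's address; 40 seconds later
# the same session is used from a second address with no new MFA prompt.
# bob's session stays on one address and should not be flagged.
SAMPLE = [
    SignIn("alice", parse("2023-06-01T09:00:00"), "203.0.113.5", "sess-a1", True),
    SignIn("alice", parse("2023-06-01T09:00:40"), "198.51.100.9", "sess-a1", False),
    SignIn("bob", parse("2023-06-01T09:05:00"), "192.0.2.20", "sess-b7", True),
    SignIn("bob", parse("2023-06-01T09:30:00"), "192.0.2.20", "sess-b7", False),
]

def find_session_replays(events, window=timedelta(minutes=15)):
    """Return one hit per session that started with an MFA sign-in and was
    then reused from a different IP within `window` without a fresh MFA
    prompt. Each hit is (session_id, user, mfa_ip, reuse_ip, seconds)."""
    by_session = {}
    for e in sorted(events, key=lambda e: e.ts):
        by_session.setdefault(e.session_id, []).append(e)
    hits = []
    for sid, evs in by_session.items():
        issued = evs[0]
        if not issued.mfa:
            continue            # session did not start with MFA; out of scope
        for later in evs[1:]:
            if later.mfa or later.ip == issued.ip:
                continue        # fresh MFA or same address: not the pattern
            if later.ts - issued.ts <= window:
                gap = int((later.ts - issued.ts).total_seconds())
                hits.append((sid, later.user, issued.ip, later.ip, gap))
                break
    return hits

if __name__ == "__main__":
    for sid, user, src, dst, gap in find_session_replays(SAMPLE):
        print(f"{user}: session {sid} reused from {dst} {gap}s after MFA from {src}")
```

A hit is a signal to revoke the session and force re-authentication, not proof of compromise on its own; legitimate network changes (VPN, mobile handover) also move a session between addresses, so tune the window and pair it with address reputation before alerting.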

Proofpoint’s researchers said that threat actors often target specific job functions or departments, and that their methods and techniques must constantly evolve, for example by finding ways to bypass MFA. Contrary to popular belief, not even MFA works as a silver bullet against sophisticated cloud-based threats. The researchers said malicious actors can hide undetected in an organisation’s environment once they are inside the network, waging attacks such as email fraud, including business email compromise.

The EvilProxy kit was first detected in May 2022, according to the cyber security company Resecurity, when its developers posted a video tutorial on its use. As of last fall, the package was available on the dark web for $400. Organisations can only defend against this threat through higher security awareness, stricter email filtering rules, and adopting FIDO-based physical keys.

Sources: SC Media, Proofpoint, IT Security News, Bleeping Computer, The Record, Resecurity
