Phishing on Indeed: scammers steal corporate data of bosses of large companies

CarderPlanet

A single message can lead to the theft of a company's confidential information.

Researchers at Menlo Security have discovered a new phishing campaign targeting the Microsoft 365 accounts of key CEOs of organizations in the United States. As part of the campaign, cybercriminals are abusing open redirects on the Indeed job search site.

The attacker uses the phishing tool EvilProxy, which can collect session cookies and thereby bypass multi-factor authentication (MFA) mechanisms.

Menlo Security reports that the phishing campaign targets executive directors and senior employees from various industries, including electronics manufacturing, banking and finance, real estate, insurance, and property management.

An open redirect is a type of vulnerability in which a web application redirects users to arbitrary external URLs without proper validation. This means that an attacker can create a malicious link that redirects the user to fake or dangerous websites. Because the link points to a trusted domain, it can bypass email security measures or be promoted in search results without arousing suspicion.
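A mail-gateway style check for the pattern described above, as an added example that is not part of the original post: it flags links whose query string carries an absolute URL pointing at a different host than the link itself. The domains, the parameter names (`target`, `next`, `q`) and the sample URLs are constructed; the post does not give the actual Indeed parameter.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # percent-encoding may be nested to hide the target

# Constructed sample links (hypothetical domains and parameter names).
SAMPLES = [
    "https://jobs.example.com/r?target=https%3A%2F%2Flogin.phish.example%2Fo365",
    "https://jobs.example.com/r?next=%252F%252Fphish.example%252Fx",
    "https://jobs.example.com/r?target=https%3A%2F%2Fjobs.example.com%2Fapply",
    "https://jobs.example.com/search?q=security+engineer",
]


def _host(value):
    """Return the hostname if value is an absolute or scheme-relative URL."""
    candidate = value.strip().replace("\\", "/")  # browsers treat \ as /
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None


def _same_site(host, outer):
    """Crude check: equal or a subdomain (production: registrable domains)."""
    return host == outer or host.endswith("." + outer)


def find_embedded_redirects(url):
    """List (parameter, external_host) pairs carried in url's query string."""
    outer = urlsplit(url)
    outer_host = (outer.hostname or "").lower()
    findings = []
    for name, value in parse_qsl(outer.query, keep_blank_values=True):
        for _ in range(MAX_DECODE_ROUNDS):
            host = _host(value)
            if host:
                if not _same_site(host, outer_host):
                    findings.append((name, host))
                break
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
    return findings
```

A finding means only that the link can carry the reader to another host; whether the trusted site actually follows the parameter has to be confirmed separately, for example by a sandboxed URL detonation.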


Attack Chain

In the detected campaign, attackers use an open redirect on indeed.com, an American job search site. Targets receive emails with a link to indeed.com, which looks legitimate. When opened, the URL redirects the user to a phishing site that acts as a reverse proxy for the Microsoft login page.

EvilProxy is a Phishing-as-a-Service (PaaS) platform that uses reverse proxies to facilitate communication and transfer of user data between the target and a genuine online service (in this case, Microsoft).

When a user logs in to their account through a phishing server that mimics the login page, an attacker can hijack the victim's cookies. Since the victim has already completed the required MFA steps during login, the stolen cookies grant the cybercriminal full access to the victim's account.

The disclosed phishing campaign highlights the growing use of sophisticated techniques by cybercriminals to bypass security systems and target key figures in leading industries. Effective use of PaaS and website vulnerabilities to redirect users to fake login pages threatens not only individual security, but also corporate security on a broader level.

Attackers who take over the accounts of senior management can gain access to confidential information, which can lead to significant financial losses and damage to the reputation of companies. The attack highlights the need to strengthen cybersecurity measures and train staff to be aware of phishing threats in order to minimize risks and provide reliable protection against such attacks.