Search Mobile-alt Envelope Facebook Linkedin Youtube Bell

Phishing-as-a-Service gets smarter: Microsoft sounds alarm on AiTM attacks

Search Mobile-alt Envelope Bell

Find out more below

Phishing-as-a-Service gets smarter: Microsoft sounds alarm on AiTM attacks

The increase in adversary-in-the-middle (AiTM) techniques are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model.

Published on 1st September 2023

Microsoft is warning of an increase in adversary-in-the-middle (AiTM) phishing techniques, which are being propagated as part of the phishing-as-a-service (PhaaS) cybercrime model.

In addition to an uptick in AiTM-capable PhaaS platforms, the tech giant noted that existing phishing services like PerSwaysion are incorporating AiTM capabilities.

“This development in the PhaaS ecosystem enables attackers to conduct high-volume phishing campaigns that attempt to circumvent MFA protections at scale,” the Microsoft Threat Intelligence team said in a series of posts on X (formerly Twitter).

Phishing kits with AiTM capabilities work in two ways, one of which concerns the use of reverse proxy servers (i.e., the phishing page) to relay traffic to and from the client and legitimate website and stealthily capture user credentials, two-factor authentication codes, and session cookies.

A second method involves synchronous relay servers.

“In AiTM through synchronous relay servers the target is presented with a copy or mimic of a sign-in page, like traditional phishing attacks,” Microsoft said. “Storm-1295, the actor group behind the Greatness PhaaS platform, offers synchronous relay services to other attackers.”

Greatness was first documented by Cisco Talos in May 2023 as a service that lets cybercriminals target business users of the Microsoft 365 cloud service using convincing decoy and login pages. It’s said to have been active since at least mid-2022.

The ultimate goal of such attacks is to siphon session cookies, enabling threat actors to access privileged systems without reauthentication.

“Circumventing MFA is the objective that motivated attackers to develop AiTM session cookie theft techniques,” the tech giant noted. “Unlike traditional phishing attacks, incident response procedures for AiTM require revocation of stolen session cookies.”

Source

https://thehackernews.com/2023/08/phishing-as-service-gets-smarter.html

Search
Follow us on social media
Facebook Linkedin Youtube
Get the latest updates
Subscribe here
Copyright © EasySAM 2024

The latest updates straight to your inbox

We just need a few details to get you subscribed

More info

Health Checks

SAMplicity 365 Lite

A simple health check of what's being used across your Office 365 estate in this FREE, Microsoft backed and easy to setup review.

SAMplicity MOT

Just like you would with your vehicle each year, get an annual check up of your software asset management programme.

SAMplicity Process

Overwhelmed by the task of documenting the steps for a successful SAM programme? Get the experts in to help!

SAMplicity Tool Check

Concerned your SAM tools aren't covering your whole estate? Or on the look out for an entirely new tool? Get us in to assist.

Inventory & Compliance

SAMplicity Discovery

Not content with covering all things SAM related, we've teamed up with Capital to provide a comprehensive hardware asset management review.

SAMplicity One

A simple, one-time reconciliation of the software you have deployed versus the licence entitlement you own.

SAMplicity Plus

A regularly scheduled analysis of your organisation's estate, specifically adapted to your needs and budget.

Cloud Readiness & Optimisation

SAMplicity 365

A full appraisal of your Microsoft 365 setup and how best to optimise it through automated recommendations.

SAMplicity Cloud

An add-on to our SAMplicity One, MOT and Plus offerings, quickly diagnose your ability to migrate your resources to the cloud.

Agreement & Audit Support

SAMplicity Contract

In collaboration with law firm Addleshaw Goddard, ensure the legality of your SAM programme and get assistance with any contract disputes.

SAMplicity Response

Available as standard with SAMplicity Plus, ensure you're compliant if you're unexpectedly audited by a vendor.

Learning

SAMplicity Academy

We've teamed up with some of the forefront experts in licensing knowledge so you can teach yourself to be an expert too.

SAMplicity Training

Stumped by the continually evolving complexities of SAM? Join us for one of our comprehensive courses, either in-person or online.

View all services

Addleshaw Goddard

Block 64

Capital

Flexera

ITEXACT

Ivanti

License Dashboard

Licensing School

Raynet

Snow Software

TBSC

View all partners

What is SAM?

Services

Partners

Blog

Events

Knowledge Base

News

Contact Us

Login

Mobile-alt Envelope Facebook Linkedin Youtube Bell

Looking for something specific?

Let's see what we can find - just type in what you're after

Wait! Before you go

Have you signed up to our newsletter yet?

It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!

Subscribe here

Cookie Notice

Our website uses cookies to ensure you have the best experience while you're here.

Accept
Reject