EvilProxy Hits Microsoft 365 Business Accounts

A phishing campaign using the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers in organisations around the world.

Researchers at Proofpoint recently identified that these threat actors have been using a phishing-as-a-service tool called EvilProxy to target cloud-based Microsoft 365 accounts and steal credentials protected by multi-factor authentication (MFA), along with session cookies.

Proofpoint’s researchers say that over the last six months they have seen a significant increase of over 100% in cloud account takeover incidents affecting companies worldwide. “Since early March, Proofpoint researchers have been monitoring an ongoing hybrid campaign using EvilProxy to target thousands of Microsoft 365 user accounts... This campaign’s overall spread is impressive, with approximately 120,000 phishing emails sent to hundreds of targeted organisations across the globe between March and June 2023,” says Proofpoint.

The Proofpoint researchers say that the EvilProxy threat combines sophisticated Adversary-in-the-Middle phishing with advanced account takeover methods. This appears to be a response to the growing adoption of MFA by many organisations.

The attackers impersonate services such as DocuSign, Adobe and the business expense management system Concur. Emails that appeared to come from these companies contained malicious URLs that initiated a multi-step infection chain.

Once the victim user provided their credentials, attackers could log into their Microsoft 365 account within seconds, indicating a streamlined and automated process.

Proofpoint’s researchers said that threat actors often target specific job functions or departments, and their methods and techniques must constantly evolve, such as finding ways to bypass MFA. Contrary to popular belief, not even MFA works as a silver bullet against sophisticated cloud-based threats. The researchers said malicious actors can hide undetected in an organisation’s environment once they are inside the network, waging attacks such as email fraud, including business email compromise.

The EvilProxy kit was first detected in May 2022, according to the cyber security company Resecurity, when its developers posted a video tutorial on its use. As of last fall, the package was available on the dark web for $400.

Organisations can only defend against this threat through higher security awareness, stricter email filtering rules, and adopting FIDO-based physical keys.
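Why a FIDO key resists the Adversary-in-the-Middle relay described above, as an added example that is not from Proofpoint or the original article: the browser writes the page's origin into the signed clientDataJSON, so a login relayed through a proxy domain fails the relying party's origin check. The origins, challenge and function names are constructed for illustration, and verification of the authenticator's signature over this data is assumed to happen separately.

```python
import base64
import hmac
import json

# Assumption: placeholder origin of the genuine login service.
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def check_client_data(client_data_json: bytes, issued_challenge: bytes,
                      expected_origin: str = EXPECTED_ORIGIN) -> tuple[bool, str]:
    """Relying-party checks on clientDataJSON from a WebAuthn assertion.

    The browser, not the page, fills in `origin`, and the authenticator
    signs a hash of this JSON, so a relaying proxy cannot rewrite it.
    """
    try:
        data = json.loads(client_data_json.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return False, "malformed clientDataJSON"
    if not isinstance(data, dict):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    challenge = data.get("challenge")
    expected = b64url(issued_challenge)
    if not isinstance(challenge, str) or not hmac.compare_digest(
            challenge.encode("utf-8"), expected.encode("ascii")):
        return False, "challenge mismatch"
    # Exact match: a look-alike or proxy hostname must not pass.
    if data.get("origin") != expected_origin:
        return False, "origin mismatch"
    return True, "ok"


def sample_client_data(origin: str, challenge: bytes) -> bytes:
    """Build constructed clientDataJSON as a browser on `origin` would."""
    return json.dumps({"type": "webauthn.get", "origin": origin,
                       "challenge": b64url(challenge)}).encode("utf-8")


CHALLENGE = b"\x01" * 32  # constructed; a real server uses random bytes
DIRECT = sample_client_data(EXPECTED_ORIGIN, CHALLENGE)
# Constructed proxy hostname: the victim's browser is on the relay's domain.
PROXIED = sample_client_data("https://login.phish-proxy.example", CHALLENGE)
```

A one-time code or push approval carries no such origin binding, which is why it can be relayed along with the password.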

Sources: SC Media, Proofpoint, IT Security News, Bleeping Computer, The Record, Resecurity

 
