EvilProxy Hits Microsoft 365 Business Accounts

A phishing campaign using the EvilProxy phishing-as-a-service (PhaaS) tool has been spotted targeting Microsoft 365 user accounts of C-level executives and managers in organisations around the world.

Researchers at Proofpoint recently identified that these threat actors have been using a phishing-as-a-service kit called EvilProxy to target cloud-based Microsoft 365 accounts and steal credentials and session cookies, even from accounts that were protected by multi-factor authentication (MFA).

Proofpoint’s researchers say that in the last six months they have seen a significant increase, of over 100%, in cloud account takeover incidents affecting companies worldwide. “Since early March, Proofpoint researchers have been monitoring an ongoing hybrid campaign using EvilProxy to target thousands of Microsoft 365 user accounts... This campaign’s overall spread is impressive, with approximately 120,000 phishing emails sent to hundreds of targeted organisations across the globe between March and June 2023,” says Proofpoint.

The Proofpoint researchers say that the EvilProxy threat combines sophisticated Adversary-in-the-Middle phishing with advanced account takeover methods; this appears to be a response to the growing adoption of MFA by many organisations.

The attackers impersonate services such as DocuSign, Adobe and the business expense management system Concur. Emails that appear to come from these companies contain malicious URLs that initiate a multi-step infection chain.

Once the victim user provided their credentials, attackers could log into their Microsoft 365 account within seconds, indicating a streamlined and automated process.

Proofpoint’s researchers said that threat actors often target specific job functions or departments, and that their methods and techniques constantly evolve, for example by finding ways to bypass MFA. Contrary to popular belief, not even MFA is a silver bullet against sophisticated cloud-based threats. The researchers said that once malicious actors are inside the network they can hide undetected in an organisation’s environment, waging attacks such as email fraud, including business email compromise.

The EvilProxy kit was first detected in May 2022, according to the cyber security company Resecurity, when its developers posted a video tutorial on its use. As of last fall, the package was available on the dark web for $400. Organisations can only defend against this threat through higher security awareness, stricter email filtering rules, and adopting FIDO-based physical keys.
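To show why the FIDO keys mentioned above resist a reverse-proxy kit such as EvilProxy, here is an added example (not from the article, Proofpoint or any vendor) of the origin check a WebAuthn relying party performs on the browser-supplied clientDataJSON; the origins, challenge and assertion documents are constructed for illustration and the relying party is hypothetical.

```python
import base64
import json
import secrets

# Constructed values for illustration (hypothetical relying party).
RP_ORIGIN = "https://login.example.com"
PHISHING_ORIGIN = "https://login-example.com"  # look-alike host a proxy might serve


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def make_client_data(origin: str, challenge: bytes) -> str:
    """Build the clientDataJSON a browser produces during navigator.credentials.get().
    The browser, not the web page, fills in 'origin' from the URL bar, and the
    authenticator's signature covers the hash of this document, so a proxy sitting
    between victim and service cannot rewrite it afterwards."""
    doc = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    return b64url_encode(json.dumps(doc).encode())


def verify_client_data(client_data_b64: str, expected_challenge: bytes,
                       expected_origin: str) -> tuple[bool, str]:
    """Relying-party checks on clientDataJSON before the signature is even examined."""
    try:
        doc = json.loads(b64url_decode(client_data_b64))
    except ValueError:  # covers binascii.Error and JSONDecodeError
        return False, "clientDataJSON is not valid base64url JSON"
    if doc.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if doc.get("challenge") != b64url_encode(expected_challenge):
        return False, "challenge mismatch (stale or replayed assertion)"
    if doc.get("origin") != expected_origin:
        return False, f"origin mismatch: {doc.get('origin')!r} != {expected_origin!r}"
    return True, "ok"


def demo() -> dict:
    """Same challenge, signed once on the real origin and once relayed via a proxy."""
    challenge = secrets.token_bytes(32)
    direct = make_client_data(RP_ORIGIN, challenge)
    proxied = make_client_data(PHISHING_ORIGIN, challenge)  # AitM relays the challenge
    return {"direct": verify_client_data(direct, challenge, RP_ORIGIN)[0],
            "proxied": verify_client_data(proxied, challenge, RP_ORIGIN)[0]}
```

The proxied assertion fails on origin even though the victim pressed the key and the challenge is genuine, which is the property a password-plus-OTP flow lacks.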

Sources: SC Media, Proofpoint, IT Security News, Bleeping Computer, The Record, Resecurity
