A new, large-scale phishing campaign was observed using adversary-in-the-middle (AitM) techniques to bypass security protections and compromise business email accounts.
“It uses an adversary-in-the-middle (AitM) attack capable of bypassing multi-factor authentication,” said Zscaler researchers Sudeep Singh and Jagadeeswar Ramanukolanu. “The campaign is specifically designed to reach end users in enterprises that use Microsoft’s email services.”
Prominent targets include fintech, lending, insurance, energy, manufacturing and federal credit union verticals located in the United States, United Kingdom, New Zealand and Australia.
This is not the first time such a phishing attack has come to light. Last month, Microsoft revealed that more than 10,000 organizations had been targeted since September 2021 using AitM techniques to breach accounts secured with multi-factor authentication (MFA).
The ongoing campaign, active since June 2022, begins with an invoice-themed email sent to targets that carries an HTML attachment with a phishing URL embedded in it.
Opening the attachment in a web browser redirects the recipient to a phishing page masquerading as a Microsoft Office login page, but not before the victim’s machine is fingerprinted to determine whether the target is the intended one.
AitM phishing attacks go beyond traditional phishing methods designed to steal credentials from unsuspecting users, particularly where MFA is enabled, a security barrier that prevents attackers from logging into an account with stolen credentials alone.
To get around this, the fake landing page, built with a phishing kit, acts as a proxy that captures and relays all communication between the client (i.e., the victim) and the email server.
“The toolkit intercepts HTML content received from Microsoft’s servers and, before forwarding it back to the victim, manipulates the content in various ways as necessary to ensure the phishing process works,” the researchers said.
This also entails replacing all links to Microsoft domains with equivalent links to the phishing domain, so that the back-and-forth with the phishing site remains intact throughout the session.
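As an added defender-side illustration (not code from Zscaler or the original report), the following Python triages an HTML attachment of the kind described above: it extracts the destinations the file would send a reader to (links, form actions, meta refresh, inline script redirects) and flags hosts outside an assumed Microsoft allowlist when the page also carries Microsoft/Office branding. The allowlist, the sample attachment and the login-example.invalid host are constructed for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of hosts a genuine Microsoft sign-in flow talks to (illustrative, not exhaustive).
MICROSOFT_HOSTS = {"login.microsoftonline.com", "login.live.com", "microsoft.com", "office.com"}

# Constructed sample: an "invoice" HTML attachment that immediately redirects to a lookalike login page.
SAMPLE_ATTACHMENT = """<html><head><title>Invoice</title>
<meta http-equiv="refresh" content="0; url=https://login-example.invalid/office/auth">
<script>window.location.href = "https://login-example.invalid/office/auth";</script></head>
<body>Sign in with your Microsoft Office account to view the invoice.</body></html>"""


class _RefExtractor(HTMLParser):
    """Collect URLs from href/src/action attributes, meta refresh tags and simple script redirects."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # html.parser lowercases attribute names
        for key in ("href", "src", "action"):
            if a.get(key):
                self.urls.append(a[key])
        if tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\"\s;]+)", a.get("content") or "", re.I)
            if m:
                self.urls.append(m.group(1))

    def handle_data(self, data):
        # Inline <script> bodies arrive here; catch window.location / location.href assignments.
        for m in re.finditer(r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)['\"]", data):
            self.urls.append(m.group(1))


def _is_microsoft(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in MICROSOFT_HOSTS)


def triage_html_attachment(html):
    """Return non-Microsoft hosts the attachment points to, and whether Microsoft branding is used as a lure."""
    parser = _RefExtractor()
    parser.feed(html)
    hosts = {urlparse(u).hostname for u in parser.urls}
    suspicious = sorted(h for h in hosts if h and not _is_microsoft(h))
    branded = bool(re.search(r"microsoft|office\s*365|outlook", html, re.I))
    return {"suspicious_hosts": suspicious, "brand_lure": branded and bool(suspicious)}
```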
Zscaler said it observed attackers manually logging into accounts eight minutes after the theft of credentials, following up by reading emails and checking users’ profile information.
Furthermore, in some cases, the hacked email inboxes were then used to send more phishing emails as part of the same campaign to carry out business email compromise (BEC) scams.
While security features like multi-factor authentication (MFA) add an extra layer of security, they should not be considered a silver bullet for protection against attacks, the researchers note.
“With the use of advanced phishing toolkits (AitM) and smart evasion techniques, threat actors are able to bypass both traditional and advanced security solutions.”