Digital equity is an important goal when it comes to providing Wi-Fi and reliable devices for those who need them. One thing, however, that should not be democratized is access to phishing applications. Yet, a new phishing-as-a-service (PaaS/PhaaS) tool called Greatness is making it easy and affordable for novice cybercriminals to create and conduct effective cyberattacks. According to researchers, “anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.”
Microsoft 365 phishing has gone DIY with PaaS/PhaaS kits
Prior to the availability of PaaS kits, wannabe phishers would need to employ hackers-for-hire. Now, M365 phishing has gone DIY, usually for a relatively low price.
For now, Greatness only allows hackers to target business users of M365. This kit offers tools to create highly convincing decoy and login pages that are pre-filled with the victim’s email address, company logo, and background image, extracted from the target organization’s real M365 login page.
Why are PaaS kits like Greatness so concerning for businesses?
- Financial and technical barriers to entry for threat actors are now significantly lower. Creating and conducting phishing attacks used to require coding knowledge and time. Now, PaaS kits make it a plug-and-play endeavor.
- Greatness makes quick and easy work of bypassing MFA, previously held as the gold standard in cybersecurity.
- Would-be hackers can more easily join and profit from the phisher community, thanks to access to hacker hubs like instant messaging app Telegram. From 2021 to 2022, the use of Telegram bots as exfiltration destinations for phished information increased by 800%, with over 2.5 million malicious URLs generated using phishing kits over a single six-month period.
A simple change organizations can make to counter tools like Greatness is to shorten cookie session timeouts, forcing MFA more often. However, a downside to this approach is that users can become frustrated when forced to frequently re-authenticate.
The best defense against PaaS, either via DIY or experienced cyberthieves, is through better monitoring of the traffic going in and out of M365. By stepping up detection capabilities, foreign and impossible logins and other anomalies can be detected and dealt with immediately.
The ability to act in real time is essential to be able to identify, isolate and remove threats. Contact us to learn how you can proactively protect your environment within a few days.