Microsoft 365 (M365) Phishing Has Gone DIY With PaaS/PhaaS Kits

Digital equity is an important goal when it comes to providing Wi-Fi and reliable devices for those who need them. One thing, however, that should not be democratized is access to phishing applications. Yet, a new phishing-as-a-service (PaaS/PhaaS) tool called Greatness is making it easy and affordable for novice cybercriminals to create and conduct effective cyberattacks. According to researchers, “anyone with even rudimentary technical chops can craft compelling Microsoft 365-based phishing lures, then carry out man-in-the-middle attacks that steal authentication credentials — even in the face of multifactor authentication (MFA) — and much more.”

Prior to the availability of PaaS kits, wannabe phishers would need to employ hackers-for-hire. Now, M365 phishing has gone DIY, usually for a relatively low price.

For now, Greatness only allows hackers to target business users of M365. This kit offers tools to create highly convincing decoy and login pages that are pre-filled with the victim’s email address, company logo, and background image, extracted from the target organization’s real M365 login page.

Why are PaaS kits like Greatness so concerning for businesses?

  • Financial and technical barriers to entry for threat actors are now significantly lower. Creating and conducting phishing attacks used to require coding knowledge and time. Now, PaaS kits make it a plug-and-play endeavor.
  • Greatness makes quick and easy work of bypassing MFA, previously held as the gold standard in cybersecurity.
  • Would-be hackers can more easily join and profit from the phisher community, thanks to access to hacker hubs like instant messaging app Telegram. From 2021 to 2022, the use of Telegram bots as exfiltration destinations for phished information increased by 800%, with over 2.5 million malicious URLs generated using phishing kits over a single six-month period.

A simple change organizations can make to counter tools like Greatness is to shorten cookie session timeouts, forcing MFA more often. However, a downside to this approach is that users can become frustrated when forced to frequently re-authenticate.

The best defense against PaaS attacks, whether they come from DIY novices or experienced cyberthieves, is better monitoring of the traffic going in and out of M365. With stronger detection capabilities, foreign and impossible logins and other anomalies can be detected and dealt with immediately.
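
One way to implement the "impossible login" check described above, as an added example that is not TechMD's or Microsoft's code: it flags consecutive sign-ins by the same user whose locations imply travel faster than an airliner. The record layout, the 900 km/h and 100 km thresholds, and all sample sign-ins are assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore geo-IP jitter between nearby points

# Constructed sample sign-ins: (user, UTC time, source IP, latitude, longitude).
SIGNINS = [
    ("alice@example.com", "2024-01-10T08:00:00", "198.51.100.7", 34.05, -118.24),
    ("alice@example.com", "2024-01-10T08:20:00", "203.0.113.9", 52.52, 13.40),
    ("bob@example.com", "2024-01-10T09:00:00", "198.51.100.8", 40.71, -74.01),
    ("bob@example.com", "2024-01-10T17:30:00", "203.0.113.20", 51.51, -0.13),
    ("carol@example.com", "2024-01-10T10:00:00", "198.51.100.9", 47.61, -122.33),
    ("carol@example.com", "2024-01-10T10:01:00", "198.51.100.10", 47.67, -122.12),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return alerts for consecutive sign-ins by one user that imply speed above max_kmh."""
    alerts, last = [], {}
    for user, ts, ip, lat, lon in sorted(signins, key=lambda s: (s[0], s[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_ip, p_lat, p_lon = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous sign-ins from distant places count as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if km >= min_km and kmh > max_kmh:
                alerts.append({"user": user, "from_ip": p_ip, "to_ip": ip,
                               "km": round(km), "minutes": round(hours * 60)})
        last[user] = (when, ip, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print(alert)
```

Only the first user is flagged: the second user's pair is consistent with a long-haul flight, and the third user's pair is a short hop that the distance floor treats as geo-IP noise.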

The ability to act in real time is essential to be able to identify, isolate and remove threats. Contact us to learn how you can proactively protect your environment within a few days.

