Cybercriminals using 'EvilProxy' phishing kit to target exec: Report


New Delhi, Aug 14 (IANS): Cybercriminals are increasingly using a phishing-as-a-service (PhaaS) toolkit -- EvilProxy -- to pull off account takeover attacks aimed at high-ranking executives at major companies.

According to cybersecurity company Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 1,20,000 phishing emails to hundreds of targeted organisations across the globe between March and June 2023.

Over the last six months, the researchers have observed a surge of over 100 per cent in successful cloud account takeover incidents impacting high-level executives at leading companies.

During the phishing stage of the attack, attackers employed several noteworthy techniques, such as -- brand impersonation, scan blocking, and a multi-step infection chain.

"Attackers use new advanced automation to accurately determine in real-time whether a phished user is a high-level profile, and immediately obtain access to the account, while ignoring less lucrative phished profiles," the researchers said.

Moreover, the report said that more than 100 organisations were targeted globally, collectively representing 1.5 million employees.

Among the hundreds of compromised users, about 39 per cent were C-level executives of which 17 per cent were Chief Financial Officers (CFO), and 9 per cent were Presidents and CEOs.

Attackers have also shown interest in lower-level management, focusing their efforts on personnel with access to financial assets or sensitive information. At least 35 per cent of all compromised users had additional account protections enabled.

Further, the report mentioned that the campaigns are seen as a response to the increased adoption of multi-factor authentication (MFA) in enterprises, evoking threat actors to grow their tactics to bypass new security layers by incorporating adversary-in-the-middle (AitM) phishing kits to siphon credentials, session cookies, and one-time passwords.

Cybersecurity firm Resecurity first reported on EvilProxy in September 2022, detailing its ability to compromise user accounts associated with Apple iCloud, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, NPM, PyPI, RubyGems, Twitter, Yahoo, and Yandex, among others.

 

  

Top Stories


Leave a Comment

Title: Cybercriminals using 'EvilProxy' phishing kit to target exec: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.