Cybercriminals are taking advantage of a newly emerged phishing-as-a-service platform called Greatness, which has been actively targeting business users of Microsoft 365 since mid-2022. The platform significantly lowers the barriers to entry for phishing attacks, allowing even inexperienced threat actors to create persuasive decoy and login pages. According to Tiago Pereira, a researcher at Cisco Talos, Greatness specializes in Microsoft 365 phishing pages. It equips its affiliates with an attachment and link builder that generates realistic lure pages with appropriate company logos and background images extracted from the genuine Microsoft 365 login page. Greatness campaigns have primarily focused on Manufacturing, Healthcare, and Technology sectors in the U.S., the U.K., Australia, South Africa, and Canada. Activity levels spiked in December 2022 and March 2023. Phishing kits like Greatness offer an affordable and scalable solution for threat actors, enabling them to create convincing login pages associated with various online services and bypass two-factor authentication (2FA) measures.
The fraudulent pages serve as reverse proxies, collecting login credentials and one-time passwords (OTPs) by unsuspecting victims. The attack typically begins with a malicious email containing an HTML attachment, once opened, it executes obfuscated JavaScript code, redirecting the user to a landing page where their email address is already pre-filled. The user is then prompted to enter their password and MFA code. The stolen credentials and tokens are subsequently forwarded to the affiliate's Telegram channel, providing unauthorized access to compromised accounts. The phishing kit, known as AiTM, includes an administration panel allowing affiliates to configure the Telegram bot, monitor stolen information, and create malicious attachments or links.
It is worth noting that Microsoft has recently implemented number matching in Microsoft Authenticator push notifications as of May 8, 2023. This enhancement aims to strengthen 2FA protections and defend against prompt bombing attacks. These developments highlight the ongoing battle between cybercriminals and security measures by technology providers like Microsoft. As attackers continually refine their techniques, it becomes crucial for organizations to stay vigilant and adopt robust Cyber Security practices.
To protect against phishing attacks like those facilitated by the Greatness platform, businesses should prioritize employee education and awareness. Training programs that focus on recognizing phishing emails, verifying the authenticity of login pages, and practicing safe browsing habits can significantly reduce the risk of falling victim to such schemes. Furthermore, staying informed about the latest Cyber Security trends and threats is crucial. Subscribing to reputable security news sources, attending industry conferences, and engaging with Cyber Security professionals can provide valuable insights into emerging risks and effective defense strategies.
At Secure n Comply, we have experience serving clients in a variety of industries. From healthcare and finance to retail and technology, we have helped businesses of all sizes and types protect their assets and meet regulatory requirements.
Customers Served
Compliance
Cybersecurity Projects
IPs Secured
Applications Secured
Secure n Comply, (a division of Allied Boston), is a trusted and renowned Cyber Security firm with over two decades of experience offering Global Cyber Security Services.
Secure n Comply takes pride in its extensive global network of industry-leading experts who are meticulously employed and actively engaged to ensure our processes remain up to date.
We ensure round-the-clock monitoring, communication, and resolution by assigning dedicated team members.
Facilitated the advancement of multiple businesses worldwide, expediting their secure digital transformation endeavors.
Our offerings are custom-designed to align seamlessly with the distinct needs and requirements of your organization.
We are committed to generating client-centric value and forging long-lasting partnerships to drive mutual growth.
Don't wait another moment and let’s embark on this transformative journey together to pave the way for an unbreakable defense.
Get started now!
2023 Secure n Comply(Division of Allied Boston) | Designed and Developed By Peprsoft Inc.
You are just a few steps away from securing your Digital assets, Get in touch with our experts now!