How Phishing-as-a-Service is Making It Easier for Cybercriminals to Attack
Since approximately mid-2022, cybercriminals have been using a recently developed platform called ‘Greatness’, which operates as a phishing-as-a-service (PhaaS or PaaS) solution. It specifically targets business users of the Microsoft 365 cloud service, and its introduction has significantly reduced the difficulty of conducting phishing attacks.
Greatness includes functionality found in highly advanced PaaS solutions, including but not limited to MFA bypass, IP filtering, and integration with Telegram bots.
In addition, Greatness provides its affiliates with an attachment and link builder, which enables them to construct convincing decoy and login pages with remarkable accuracy. The platform's unique features include pre-filling the victim's email address and displaying their company's actual logo and background image, obtained from the authentic Microsoft 365 login page of the targeted organization.
In an analysis of numerous campaigns, it was found that the manufacturing sector was the primary target, closely followed by healthcare, technology, and real estate industries.
Greatness enables PaaS affiliates to acquire usernames and passwords, and to gain access to authenticated session cookies if the targeted individual uses MFA.
These revelations coincide with Microsoft's recent implementation, as of May 8, 2023, of number matching in Microsoft Authenticator push notifications. This measure aims to enhance the security of two-factor authentication (2FA) and safeguard against prompt bombing attacks.
Sources: https://thehackernews.com/2023/05/new-phishing-as-service-platform-lets.html, https://blog.talosintelligence.com/new-phishing-as-a-service-tool-greatness-already-seen-in-the-wild/