Microsoft Issues Warning About Widespread Usage of Phishing Kits

Microsoft Issues Warning About Widespread Usage of Phishing Kits

share on :

Microsoft Issues Warning About Widespread Usage of Phishing Kits

Because of its capacity to plan large-scale attacks, an open source adversary-in-the-middle (AiTM) phishing kit has attracted a lot of adopters in the world of cybercrime. The threat actor that created the kit is being tracked by the Threat Intelligence team under the newly coined name DEV-1101.

In a typical AiTM phishing assault, a threat actor places a proxy server in between the user and the website in an effort to collect and intercept the target’s password and session cookies. Due to their ability to get around multi-factor authentication (MFA) security measures, particularly time-based one-time passwords, such assaults are more successful (TOTPs).

According to the tech giant, DEV-1101 is the person or entity behind a number of phishing kits that other criminal actors can buy or rent, hence lowering the work and resources needed to conduct a phishing campaign.

Microsoft Issues Warning About Widespread Usage of Phishing Kits
Microsoft Issues Warning About Widespread Usage of Phishing Kits

In a technical analysis, Microsoft stated that the availability of such phishing kits for purchase by attackers is a component of the industrialization of the cybercriminal economy and lowers the barrier to entry for cybercrime.

The dual theft can occur when the stolen credentials are provided to both the phishing-as-a-service provider and their clients is another risk associated with the service-based economy that supports such services.

Since its launch in May 2022, the service has undergone a number of improvements, the most significant of which is the ability to control the servers that operate the kit using a Telegram bot. The cost of a monthly licencing fee is presently $300, and VIP licences are $1,000.

See more: Delhi Police collaborates with Truecaller to combat cyber fraud

Microsoft claimed to have found a number of high-volume phishing campaigns involving millions of phishing emails each day from multiple attackers who use the tool.Among these is a group of activities known as DEV-0928, which Redmond referred to as one of “DEV-1101’s more notable clients,” and which has been connected to a phishing campaign involving more than a million emails since September 2022.

The assault sequence begins with email messages with a document theme that contain a link to a PDF document. When the receiver clicks the link, the link takes them to a login page that appears to be Microsoft’s sign-in portal, but not before prompting them to pass a CAPTCHA phase.

See more: Unpatched SonicWall SMA devices targeted by Chinese hackers

According to Microsoft, adding a CAPTCHA page to the phishing sequence could make it more challenging for automated systems to reach the final phishing page, but a human could do it with ease.

Despite the fact that these AiTM attacks are made to avoid MFA, it’s critical for businesses to use phishing-resistant authentication strategies, including using FIDO2 security keys, to stop shady login attempts.


Author: Sayyam Gangwal

We hope you found article interesting. For more exclusive content follow us on FacebookTwitter and LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked *