Cookie thieves: Microsoft warns of growing number of man-in-the-middle attacks with MFA bypass

PhaaS platforms expand their functionality by allowing hackers to steal victims' session cookies.

Microsoft is warning of an increase in the number of man-in-the-middle (MITM) attacks that are being propagated under the Phishing-as-a-Service (PhaaS) cybercrime model.

Beyond the growth in the number of PhaaS platforms capable of conducting MITM attacks, Microsoft notes that existing phishing services, such as PerSwaysion, have begun to integrate MITM capabilities.

"This allows attackers to conduct large-scale phishing campaigns aimed at circumventing the protection of multi-factor authentication," according to Microsoft's cyber threat analysis team.

Phishing tools with MITM capabilities work in two ways. One of them is to use reverse proxy servers to intercept credentials, two-factor authentication codes, and session cookies.

The second method involves the use of synchronous relay servers. In this case, the user is shown a copy or imitation of the login page, as in traditional phishing attacks.

The ultimate goal of such attacks is to obtain users' session cookies and, with them, access to privileged systems without the need for authentication.

"Bypassing multi-factor authentication (MFA) is the goal that motivated attackers to develop methods for stealing session cookies using MITM principles," Microsoft notes.

Researchers strongly recommend that organizations carefully monitor this threat and take all necessary measures to protect against such attacks, including regular software updates, the use of strong passwords, and two-factor authentication.

In addition, a mandatory component of protection is the introduction of modern intrusion detection and prevention systems that can detect and stop abuse by hackers in a timely manner.
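
On the detection side, a stolen session cookie shows up as an already-authenticated session being used by a client that never completed the sign-in. The following is an added example, not code from the article or from Microsoft: it flags that pattern in constructed sample events, and the event fields (`kind`, `session_id`, `ip`, `user_agent`) are a hypothetical schema rather than any real product's log format.

```python
from collections import namedtuple

# Hypothetical event schema; real sign-in and access logs will differ.
Event = namedtuple("Event", "ts user session_id kind ip user_agent")

# Constructed sample data (documentation IP ranges, made-up session ids).
SAMPLE_EVENTS = [
    Event(100, "alice", "s-111", "signin_mfa", "198.51.100.10", "Firefox/Win"),
    Event(160, "alice", "s-111", "request",    "198.51.100.10", "Firefox/Win"),
    Event(220, "alice", "s-111", "request",    "203.0.113.77",  "curl"),
    Event(300, "bob",   "s-222", "signin_mfa", "198.51.100.20", "Chrome/Mac"),
    Event(340, "bob",   "s-222", "request",    "198.51.100.20", "Chrome/Mac"),
    # A fresh sign-in from a new network creates a new session: not a replay.
    Event(400, "bob",   "s-333", "signin_mfa", "192.0.2.5",     "Chrome/Mac"),
    Event(420, "bob",   "s-333", "request",    "192.0.2.5",     "Chrome/Mac"),
]

def find_session_replay(events):
    """Return one alert per (session, client) that uses a session it did not authenticate."""
    authenticated = {}  # session_id -> set of (ip, user_agent) that completed MFA sign-in
    flagged = set()     # (session_id, client) pairs already reported
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        client = (ev.ip, ev.user_agent)
        if ev.kind == "signin_mfa":
            authenticated.setdefault(ev.session_id, set()).add(client)
            continue
        if ev.kind != "request" or (ev.session_id, client) in flagged:
            continue
        known = authenticated.get(ev.session_id)
        if known is None:
            reason = "no sign-in seen for session"
        elif client not in known:
            reason = "session used by new client without re-authentication"
        else:
            continue
        flagged.add((ev.session_id, client))
        alerts.append((ev.session_id, ev.user, ev.ip, reason))
    return alerts

if __name__ == "__main__":
    for alert in find_session_replay(SAMPLE_EVENTS):
        print(alert)
```

Exact IP and user-agent matching will also fire on legitimate network changes such as mobile roaming, so in practice the comparison is usually loosened (for example to network or device identity) and the alert is treated as a trigger for session revocation and re-authentication.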
 