New Phishing-As-A-Service Kit Targets Microsoft 365 Users
A recently discovered phishing-as-a-service kit, known as Sneaky 2FA, has raised concerns among cybersecurity experts. This kit, sold by a cybercrime group called Sneaky Log, targets Microsoft 365 account holders, stealing their credentials and bypassing 2FA protections.
How the Attack Works
The Sneaky 2FA kit uses a bot service via Telegram to target Microsoft 365 users. The kit’s phishing pages are hosted on compromised infrastructure, often involving WordPress websites and other domains the attacker controls. Once a user falls victim to the phishing attack, the kit harvests their Microsoft 365 session cookies, allowing the attackers to bypass 2FA protections during subsequent attacks.
The Kit’s Sophistication
What makes this kit particularly dangerous is its ability to:
- Populate victim email addresses automatically
- Evade detection through Cloudflare Turnstile challenges
- Cleverly redirect security tools to Wikipedia pages
Mitigating the Attack
To protect against this type of attack, organizations can implement the following measures:
- Implementing Privileged Access Management to restrict access and contain potential damage from compromised accounts
- Pairing robust password management with Privileged Access Management to ensure strong, unique, and securely stored credentials
- Using a password manager to prevent users from entering credentials into spoofed websites
The Broader Implications
This attack is not unique to Microsoft 365 users. Any account perceived as highly valuable to threat actors can be targeted using similar phishing-as-a-service kits. The common factor in most such attacks is the phishing aspect, making it essential to focus on mitigating phishing attacks.
Stay Vigilant and Take Action
The Sneaky 2FA bypass attack is a stark reminder of the importance of staying vigilant and taking proactive measures to protect against phishing attacks. By implementing robust security measures and educating users on the dangers of phishing, we can reduce the risk of falling victim to these types of attacks.
Stay informed and stay safe!
