Microsoft Warns of Large-Scale Use of Phishing Kits to Send Millions of Emails Daily
Microsoft Threat Intelligence has recently warned of the widespread use of phishing kits to send millions of phishing emails daily by various threat actors. These kits make it easy for cybercriminals to orchestrate phishing attacks at scale, and their availability for rent or purchase has lowered the barrier of entry for cybercrime.
Microsoft Threat Intelligence has identified an emerging threat actor named DEV-1101 who is responsible for creating an open-source phishing kit known as adversary-in-the-middle (AiTM). This phishing kit has gained popularity among cybercriminals due to its capability to carry out large-scale attacks.
AiTM phishing attacks involve the use of a proxy server that sits between the targeted user and the website they are accessing. The attacker can then intercept the user's password and session cookies, allowing them to gain unauthorized access to the user's account. This type of attack is particularly effective at bypassing multi-factor authentication (MFA) safeguards.
Microsoft Threat Intelligence is closely monitoring this threat and advises users to be vigilant against AiTM phishing attacks. It is crucial for individuals and organizations to implement strong security measures, including MFA and regular security awareness training, to protect themselves from such attacks.
According to Microsoft, DEV-1101 is responsible for creating various phishing kits that can be rented or purchased by other cybercriminals. This lowers the cost and effort required to launch a phishing attack and contributes to the industrialization of the cybercriminal economy. The service-based economy behind such offerings can also result in double theft, where stolen credentials are sent to both the phishing-as-a-service provider and their clients.
DEV-1101's open-source kit includes features that enable the creation of phishing landing pages that mimic Microsoft Office and Outlook. It also allows for campaign management from mobile devices and employs CAPTCHA checks to avoid detection.
Microsoft has observed several high-volume phishing campaigns that leverage this tool, including one involving over a million emails since September 2022, attributed to a threat actor known as DEV-0928. These attacks begin with document-themed emails containing a link to a PDF document, which, upon clicking, takes the victim to a fake Microsoft login page after completing a CAPTCHA step.
While AiTM attacks are meant to circumvent MFA, Microsoft advises organizations to adopt phishing-resistant authentication methods such as FIDO2 security keys. These keys use public-key cryptography to authenticate users and provide an added layer of security against phishing attacks.
For more information on cyber security services, cyber forensic services connect with ANA Cyber Forensic Pvt Ltd. Call us at +91 - 9011041569