Cybercriminals Increasingly Using EvilProxy Phishing Kit to Target Executives
Threat actors are increasingly using a phishing-as-a-service toolkit dubbed EvilProxy to pull off account takeover attacks aimed at high-ranking executives at prominent companies.
According to Proofpoint, an ongoing hybrid campaign has leveraged the service to target thousands of Microsoft 365 user accounts, sending approximately 120,000 phishing emails to hundreds of organizations worldwide between March and June 2023.
Phishing-as-a-service (PhaaS) toolkits are an evolution of the cybercrime economy, lowering the barrier for less technically skilled criminals to carry out sophisticated phishing attacks at scale in a seamless and cost-effective manner.
"Nowadays, all an attacker needs is to set up a campaign using a point-and-click interface with customizable options, such as bot detection, proxy detection, and geofencing," security researchers Shachar Gritzman, Moshe Avraham, Tim Kromphardt, Jake Gionet, and Eilon Bendet said.
The latest wave of attacks commences with phishing emails that masquerade as trusted services like Adobe and DocuSign to trick recipients into clicking on malicious URLs. These URLs activate a multi-stage redirection chain that takes the recipients to a lookalike Microsoft 365 login page, which functions as a reverse proxy to stealthily capture the information entered in the form.
"Ducktail is known to target Facebook Ad and Business accounts," eSentire researchers said.
News URL
https://thehackernews.com/2023/08/cybercriminals-increasingly-using.html