Cisco Researchers Discover New Phish-Service That Automates Phishing Attacks
According to a report by Cisco Talos, researchers have discovered a new Phish-Service or PaAS (Phishing as a Service) that allows novice hackers to launch cyber attacks with advanced functions. PaAS platforms are a type of cybercrime service that lowers the entry threshold for attackers by offering unskilled hackers an opportunity to automate phishing attacks.
The new service is named “Greatness” and was first observed in mid-2022, with activity peaking in March 2023, according to the number of samples available on VirusTotal. Cisco observed that Greatness was used for attacks on companies and not on government organizations, indicating that the service's users pursue financial gain and not espionage.
Most victims of Greatness were enterprises in production, health, and technology, accounting for more than 50% of victims in the US, the UK, Australia, South Africa, and Canada. The platform provides investment partners and links to very convincing fake sites and login pages where the victim’s email address is already filled in, with the company’s logo and/or background image taken from the organization's real Microsoft 365 login page.
Cisco researchers said that Greatness's functions also include bypassing multi-factor authentication (MFA), IP address filtering, and integration with Telegram bots. The Telegram bots are used to notify partners when authenticated session cookies are stolen, before the cookies expire.
PaAS platforms raise concerns among cybersecurity experts because they reduce the proficiency a hacker needs to initiate a successful cyber attack. They also make cybercrime a service that can be outsourced on the dark web without the need to possess dedicated resources, infrastructure or technical knowledge.