Office 365 Phishing Abuses Oracle And Amazon Cloud Services

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure.

The campaign has been active for more than half a year and uses a network of legitimate websites that have been compromised to work as a proxy chain.

Simple lure

The operators bait recipients with fake notifications for voice messages and Zoom invitations that ultimately lead the victim to the phishing page collecting login credentials.

Cybersecurity company Mitiga says that, despite the simple lure and purpose, the campaign stands out as sophisticated because the path to exfiltration runs through legitimate services and websites.

According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services (AWS) and Oracle Cloud in the redirect chain.

“Once the link was clicked, the user is redirected through several proxies, including AWS load balancers, all the way to a legitimate but compromised website”

– Ofir Rozmann, threat intelligence at Mitiga

Redirect flow

Next, victims are redirected to a hacked website that takes them to the fake Office 365 page, hosted mostly on the Oracle Cloud computing service.

In some cases, the actor used Amazon Simple Storage Service (Amazon S3). The credentials entered on this page are automatically delivered to another hacked website.

Mitiga says that they identified more than 40 compromised websites that were part of this Office 365 phishing campaign.

Clues point to phishing as a service

Clues found in the HTML code for the fake Office 365 pages suggest that the infrastructure is part of a phishing-as-a-service business rented to multiple clients.

Evidence of this includes commented instructions like “//Set Link Here” and small differences in variables, function names, or the compromised sites that received the stolen credentials, which could indicate that multiple parties use the same infrastructure.

The researchers also found references to some regions in Asia such as Gagal (Iran), Kurang (India), and Kosong (North Korea), as well as Indonesian words (“tombol” – button, “tekan” – press, “kolom” – column, “kirim” – send).

These could hint at the operators of the phishing-as-a-service business or their customers. However, these may also be false flags introduced to mislead researchers.
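The redirect flow and the HTML clues described above can be combined into a triage check for web-proxy or sandbox data. The following is an added example, not code from Mitiga or from the original article; the hostname suffixes, finding codes, function names and sample data are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hostname suffixes are assumptions for the cloud services the article names.
AWS_ELB = re.compile(r"\.elb\.amazonaws\.com$")
CLOUD_HOSTING = re.compile(
    r"(^|\.)oraclecloud\.com$|(^|\.)s3[.-]([a-z0-9-]+\.)*amazonaws\.com$")
MS_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
# Artefacts the article reports in the fake pages' HTML (weak signal alone).
KIT_MARKERS = ("//set link here", "tombol", "tekan", "kolom", "kirim")
FORM_ACTION = re.compile(r"<form[^>]*\baction=[\"'](https?://[^\"']+)", re.I)

def host(url):
    return (urlsplit(url).hostname or "").lower()

def triage_click(hops, landing_html):
    """Return finding codes for one click; hops = ordered URLs followed."""
    if not hops:
        return []
    hosts = [host(u) for u in hops]
    final, html = hosts[-1], landing_html.lower()
    findings = []
    if any(AWS_ELB.search(h) for h in hosts[:-1]):
        findings.append("aws_elb_hop")
    if CLOUD_HOSTING.search(final):
        findings.append("cloud_hosted_landing")
    branded = "office 365" in html or "microsoft" in html
    has_password = re.search(r"type=[\"']?password", html) is not None
    if branded and has_password and final not in MS_LOGIN_HOSTS:
        findings.append("ms_login_off_domain")
    if any(marker in html for marker in KIT_MARKERS):
        findings.append("kit_markers")
    # Credentials posted to a host other than the one serving the page.
    if any(host(a) != final for a in FORM_ACTION.findall(landing_html)):
        findings.append("offsite_credential_post")
    return findings

# Constructed sample data, not taken from the campaign.
SAMPLE_HOPS = [
    "https://lb-example-123.us-east-1.elb.amazonaws.com/r?id=1",
    "https://compromised-site.example/wp-content/go.php",
    "https://objectstorage.us-ashburn-1.oraclecloud.com/n/ns/b/bkt/o/login.html",
]
SAMPLE_HTML = '''<title>Sign in to Office 365</title><script>//Set Link Here
var tombol = document.getElementById("kirim");</script>
<form action="https://other-hacked-site.example/save.php" method="post">
<input type="password" name="pw"></form>'''

if __name__ == "__main__":
    print(triage_click(SAMPLE_HOPS, SAMPLE_HTML))
```

Each finding on its own also occurs in legitimate traffic, so the codes are best treated as inputs to a score or an analyst queue rather than as a block decision.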

From the email addresses analyzed, Mitiga determined that the targets of this phishing operation are predominantly C-level executives at small and medium-sized businesses as well as major financial institutions.

Mitiga makes the following recommendations to avoid falling victim to these attacks:

  • Enable two-factor authentication (2FA) for Office 365 login
  • Enforce Office 365 password updates
  • Examine forwarding rules in email accounts
  • Search for hidden folders in email inboxes and messages in a different location than normal
  • Log changes to mailbox login and settings and keep the data for at least 90 days
  • Enable alerts for suspicious activity, such as unusual logins, and analyze server logs for abnormal email access
  • Consider simulating a similar attack scenario using a red team to test the phishing awareness of the organization
