Heimdal Security Blog

Cybercriminals Target Senior U.S. Executives Using EvilProxy Phishing Kit


Threat actors are using the EvilProxy phishing-as-a-service (PhaaS) toolkit to target senior executives in the U.S. in large-scale phishing campaigns.

EvilProxy is an adversary-in-the-middle (AiTM) PhaaS designed to steal credentials and take over accounts. It mainly targets companies in the banking, financial services, insurance, real estate, and manufacturing sectors.

More about the EvilProxy phishing campaign

The attacks start with a phishing email. The message contains a malicious link that appears to lead to the job search platform indeed.com. When an unsuspecting victim clicks the link, they are redirected to a malicious page instead. To achieve this, the attackers abuse an open redirect vulnerability in indeed.com: they manipulate URL parameters so that the legitimate site forwards the user to their phishing pages.
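One way a mail-security pipeline can catch this kind of link, as an added example that is not part of the original article and not EvilProxy's or Heimdal's code: parse each link, and if its visible host is one you trust, look at every query parameter for a (possibly multiply percent-encoded) absolute or protocol-relative URL that points at a different registrable domain. The trusted host set, the parameter names listed as a hint, and all sample URLs below are constructed for the example; they are not indeed.com's real redirect parameters.

```python
"""Flag email links that use a trusted site's open redirect to bounce users elsewhere.

Added example (not Heimdal's or EvilProxy's code). Sample URLs and the trusted
host set are constructed for illustration.
"""
from urllib.parse import parse_qs, unquote, urlparse

# Hosts whose links the organisation treats as legitimate (constructed).
TRUSTED_HOSTS = {"indeed.com", "www.indeed.com"}

# Parameter names that often carry a redirect target. Listed only as a hint for
# analysts; the scanner below inspects every parameter, not just these.
COMMON_REDIRECT_PARAMS = {"url", "redirect", "redirect_url", "next", "return", "goto", "target"}


def _registrable(host: str) -> str:
    """Crude eTLD+1 approximation: the last two labels of a hostname."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def find_external_redirect(link: str, trusted_hosts=TRUSTED_HOSTS):
    """Return the external target URL if `link` bounces off a trusted host, else None.

    Only links whose visible host is trusted are examined, because those are the
    ones a recipient is likely to trust. Each parameter value is percent-decoded
    a few times so nested encodings such as %2568ttps are also unwrapped.
    Limitation: a bare 'evil.test/path' value without scheme or leading '//'
    is not recognised as a URL by this check.
    """
    parsed = urlparse(link)
    if parsed.hostname is None or parsed.hostname.lower() not in trusted_hosts:
        return None
    trusted_domains = {_registrable(h) for h in trusted_hosts}
    for _name, values in parse_qs(parsed.query, keep_blank_values=True).items():
        for value in values:
            candidate = value
            for _ in range(3):  # peel a few layers of percent-encoding
                decoded = unquote(candidate)
                if decoded == candidate:
                    break
                candidate = decoded
            target = urlparse(candidate)
            # Absolute http(s) URLs and protocol-relative ones (//host/...) both
            # yield a hostname; relative paths like /jobs do not.
            if target.scheme in ("http", "https", "") and target.hostname:
                if _registrable(target.hostname) not in trusted_domains:
                    return candidate
    return None


def triage_links(links):
    """Return (link, verdict) pairs for a batch of links extracted from an email."""
    results = []
    for link in links:
        target = find_external_redirect(link)
        if target:
            results.append((link, f"SUSPICIOUS: redirects to {urlparse(target).hostname}"))
        else:
            results.append((link, "ok"))
    return results


if __name__ == "__main__":
    # Constructed sample links: one benign, one single-encoded redirect,
    # one double-encoded redirect, one protocol-relative redirect.
    samples = [
        "https://www.indeed.com/viewjob?jk=abc123&from=serp",
        "https://www.indeed.com/rc/clk?url=https%3A%2F%2Flogin.example-phish.test%2Fo365",
        "https://www.indeed.com/rc/clk?url=https%253A%252F%252Fevil.test%252Fsignin",
        "https://www.indeed.com/go?next=%2F%2Fevil.test%2Fsso",
    ]
    for link, verdict in triage_links(samples):
        print(f"{verdict:45} {link}")
```

In production the verdict would feed a quarantine or rewrite rule rather than a print, and the eTLD+1 approximation should be replaced by a public-suffix-list lookup so that hosts like `example.co.uk` are handled correctly.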

Image source: The Hacker News

In the next phase, the EvilProxy toolkit acts as a reverse proxy. It sits between the target and the real login page, relaying traffic in both directions, and steals credentials, 2FA codes, and session cookies as they pass through.
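The reason a reverse proxy can capture one-time 2FA codes is that a code typed into the proxied page is indistinguishable, to the real server, from one typed on the genuine site; the session cookie issued afterwards is then held by the proxy. Origin-bound credentials (WebAuthn/FIDO2 passkeys or security keys) resist this because the browser includes the origin it actually connected to in what the authenticator signs, and the real site rejects assertions made for a lookalike origin. The following is an added, simplified model of both flows, not EvilProxy's or Heimdal's code: HMAC stands in for WebAuthn's public-key signature, the OTP is a cut-down HMAC counter scheme rather than full RFC 6238, and the two origins, keys and time step are constructed values.

```python
"""Simplified model: why an AiTM proxy can relay an OTP but not an origin-bound assertion.

Added example, not the toolkit's or Heimdal's code. HMAC replaces WebAuthn's
public-key signature; origins, keys and the time step are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

REAL_ORIGIN = "https://login.example.test"          # constructed genuine site
PROXY_ORIGIN = "https://login.example-phish.test"   # constructed AiTM lookalike


# --- OTP side: the code carries no information about where it was typed ---
def otp_code(shared_secret: bytes, time_step: int) -> str:
    """Cut-down time-based OTP: HMAC over the step counter, reduced to 6 digits."""
    mac = hmac.new(shared_secret, time_step.to_bytes(8, "big"), hashlib.sha1).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


class OtpRelyingParty:
    def __init__(self, shared_secret: bytes):
        self.secret = shared_secret
        self.sessions = set()

    def login(self, code: str, time_step: int):
        """Issue a session token if the code matches; the server cannot know the origin."""
        if hmac.compare_digest(code, otp_code(self.secret, time_step)):
            token = secrets.token_hex(16)
            self.sessions.add(token)  # whoever holds this token is logged in
            return token
        return None


# --- Origin-bound side: the assertion names the origin the browser connected to ---
@dataclass(frozen=True)
class Assertion:
    origin: str
    challenge: bytes
    signature: bytes


class Authenticator:
    """Models a WebAuthn-style authenticator; the browser supplies the origin."""
    def __init__(self, key: bytes):
        self.key = key

    def sign(self, challenge: bytes, browser_origin: str) -> Assertion:
        msg = browser_origin.encode() + b"|" + challenge
        return Assertion(browser_origin, challenge, hmac.new(self.key, msg, hashlib.sha256).digest())


class OriginBoundRelyingParty:
    def __init__(self, key: bytes, origin: str):
        self.key, self.origin = key, origin
        self.sessions = set()

    def new_challenge(self) -> bytes:
        return secrets.token_bytes(32)

    def login(self, a: Assertion, challenge: bytes):
        """Reject an assertion for any other origin, even if its signature is valid."""
        if a.origin != self.origin or a.challenge != challenge:
            return None
        expected = hmac.new(self.key, a.origin.encode() + b"|" + a.challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(a.signature, expected):
            return None
        token = secrets.token_hex(16)
        self.sessions.add(token)
        return token


def proxy_relays_otp() -> bool:
    """Victim types a valid OTP into the proxied page; the proxy forwards it and gets a session."""
    secret = b"constructed-shared-secret"
    rp = OtpRelyingParty(secret)
    step = 12345
    code_typed_on_proxy = otp_code(secret, step)   # output of the victim's authenticator app
    token = rp.login(code_typed_on_proxy, step)    # proxy forwards the code verbatim
    return token is not None and token in rp.sessions


def proxy_relays_origin_bound_assertion() -> bool:
    """Same relay with an origin-bound credential: the RP sees PROXY_ORIGIN and refuses."""
    key = b"constructed-credential-key"
    rp = OriginBoundRelyingParty(key, REAL_ORIGIN)
    challenge = rp.new_challenge()                           # proxy fetches this from the real site
    assertion = Authenticator(key).sign(challenge, PROXY_ORIGIN)  # browser is on the lookalike
    return rp.login(assertion, challenge) is not None


def direct_origin_bound_login() -> bool:
    """Control case: the same credential used directly on the real origin succeeds."""
    key = b"constructed-credential-key"
    rp = OriginBoundRelyingParty(key, REAL_ORIGIN)
    challenge = rp.new_challenge()
    assertion = Authenticator(key).sign(challenge, REAL_ORIGIN)
    return rp.login(assertion, challenge) is not None


if __name__ == "__main__":
    print("OTP relayed through proxy -> proxy holds a session:", proxy_relays_otp())
    print("Origin-bound assertion relayed through proxy -> accepted:", proxy_relays_origin_bound_assertion())
    print("Origin-bound assertion used on the real origin -> accepted:", direct_origin_bound_login())
```

The model omits what a real deployment also needs (user presence flags, signature counters, credential ID lookup), but the decisive check is the one shown: the relying party compares the origin inside the signed data with its own, so a proxy on a different hostname cannot produce an acceptable assertion even while relaying everything else faithfully.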

Microsoft tracks the group behind this phishing campaign as Storm-0835.

Reportedly, the EvilProxy PhaaS is used against high-profile individuals such as senior executives.

Protection measures against phishing and BEC attacks

Verizon's 2023 Data Breach Investigations Report stated that Business Email Compromise (BEC) attacks were on the rise.

Social Engineering attacks are often very effective and extremely lucrative for cybercriminals. Perhaps this is why Business Email Compromise (BEC) attacks (which are in essence pretexting attacks) have almost doubled across our entire incident dataset, and now represent more than 50% of incidents within the Social Engineering pattern.

Verizon DBIR 2023

Here are some security measures I recommend for companies to protect against phishing and BEC attacks.

