The steps of cybercriminals' preferred weapon of attack

Last year alone, cybercriminals sent more than 1.76 billion phishing emails globally.

The Data Breach Investigations Report produced by Verizon found that attackers access an organization's data in three main ways: stolen credentials, vulnerability exploitation and phishing, with the latter still being primarily responsible for the largest number of successful attacks.

“The Phishing as a Service (PhaaS) market is flourishing and an excellent example of this is the Tycoon 2FA platform,” says Aftab Alam, Executive Vice President of Product Management at Arcserve, the world's most experienced provider of immutable backup, recovery, and storage solutions for unified data resilience against ransomware and disasters.

Noting that, according to the SaaS cybersecurity company Sekoia, the platform was specifically designed to overcome the two-factor authentication (2FA) protections that guard data traveling through Microsoft 365 and Gmail, the executive adds that ready-to-use attachment templates for Microsoft 365 and Gmail are sold at attractive prices, creating a cheap gateway for hackers.

The platform has already been updated this year, and its PhaaS service can now be found on more than 1,100 domains and has been linked to numerous phishing attacks. It is worth going through the cybercriminals' process step by step:

  • Step 0 – Deceptive emails with malicious URLs or QR codes are sent, luring victims to phishing sites.
  • Step 1 – A security solution filters non-human traffic, allowing only real users to proceed.
  • Step 2 – Phishing software employs scripts to extract the victim's email to personalize the attack in future attempts.
  • Step 3 – The user is redirected to a specific location on the phishing site before being guided to a malicious login page.
  • Step 4 – When the victim lands on a fake Microsoft login page, their credentials are compromised and data is exfiltrated.
  • Step 5 – Phishing software replicates the 2FA prompt, captures the token or response, and prevents authentication.
  • Step 6 – Finally, the victim is diverted to an authentic-looking page, unaware that the attack has already occurred.

“Once a hacker gains access to Microsoft SaaS data via Tycoon 2FA, it may be too late to prevent data loss due to the software's exfiltration capabilities, which underscores the importance of adopting an integrated data solution capable of promoting disaster recovery and ensuring business continuity,” says the executive.

In this scenario, it is essential to have a resilient system to protect workloads, whether cloud-based, local, virtual, hyperconverged or SaaS. “The growing sophistication of cybercriminals can only be combatted with the adoption of advanced solutions combined with a culture of precaution that involves simple preventive actions such as carefully reading emails to identify scams involving extraordinary offers, final warnings, senders with inconsistent addresses and suspicious links,” advises Aftab Alam.
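The red flags listed in that advice (extraordinary offers, final warnings, senders with inconsistent addresses, suspicious links) can also be checked mechanically as a first-pass mail triage. The Python below is an added example, not code from the article, Arcserve or Sekoia; the phrase lists, function names and sample message are constructed, and it assumes a single-part, unencoded HTML body.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed phrase lists (assumptions for illustration; tune for your own mail).
URGENCY = ("final warning", "last notice", "will be suspended", "within 24 hours")
OFFERS = ("you have won", "free gift", "exclusive offer", "claim your prize")
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the red flags found in one raw single-part email."""
    msg = message_from_string(raw)
    flags = set()
    from_dom = domain_of(msg.get("From"))
    # Inconsistent sender: the display name cites a domain other than the real
    # sending domain, or replies are routed to a different domain.
    named = DOMAIN_RE.search(parseaddr(msg.get("From", ""))[0])
    reply_dom = domain_of(msg.get("Reply-To"))
    if (named and named.group(1).lower() != from_dom) or (reply_dom and reply_dom != from_dom):
        flags.add("inconsistent_sender")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(p in text for p in URGENCY):
        flags.add("final_warning")
    if any(p in text for p in OFFERS):
        flags.add("extraordinary_offer")
    # Suspicious link: the visible text shows one domain, the href goes elsewhere.
    for href, label in LINK_RE.findall(body):
        shown = DOMAIN_RE.search(label)
        target = (urlparse(href).hostname or "").lower()
        want = shown.group(1).lower() if shown else ""
        if want and target != want and not target.endswith("." + want):
            flags.add("suspicious_link")
    return flags

# Constructed sample message; all addresses and hosts are made up.
SAMPLE = (
    'From: "security@microsoft.com" <alerts@ms-notify.example>\n'
    "Reply-To: helpdesk@other.example\n"
    "Subject: Final warning: mailbox quota exceeded\n"
    "Content-Type: text/html\n\n"
    '<a href="https://login.portal.example/verify">https://login.microsoft.com</a>\n'
)
```

Calling `triage(SAMPLE)` returns the set of flag names raised for the message; an empty set means none of the four signals matched, not that the message is safe.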
