
Threat actors are increasingly using a newer and more effective phishing technique, adversary-in-the-middle (AiTM), to steal not only passwords but the authenticated sessions behind them.

Recently, a large-scale AiTM campaign was found targeting Google G Suite users. AiTM phishing uses a spoofed website that sits as a reverse proxy between the victim and the legitimate login page: every request, including the password and any MFA code or prompt, is relayed to the real service, so the login succeeds, and the proxy captures the session cookie the service issues. With that cookie the attacker can replay the authenticated session without needing the password or the second factor again.

Once a mailbox is taken over, the threat actors launch business email compromise (BEC) campaigns against the victim's contacts. Microsoft reported that the same method had been used against more than 10,000 organisations since September 2021.

Researchers at cloud security company Zscaler observed AiTM phishing attacks aimed at G Suite users from mid-July 2022. In their analysis, the Zscaler researchers noted that “This campaign specifically targeted chief executives and other senior members of various organisations which use G Suite.”

The attack chain began with password-expiry emails carrying a link that would supposedly “extend your access”. Rather than pointing straight at the phishing site, the link abused open redirects on Google Ads and Snapchat pages, so the URL in the email belonged to a trusted domain and the redirector then bounced the browser to the phishing page URL.
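Links of this shape can be triaged before anyone clicks by unwrapping the redirect chain offline and looking at where it finally lands. The code below is an added example, not code from the article or from Zscaler. Its redirector table, the query-parameter names in it and the sample URLs are constructed assumptions: the parameter a given redirector actually honours must be confirmed before the table is used for real.

```python
"""Unwrap open-redirect chains from an emailed link to find the real landing host.

Added triage example. The redirector table is constructed: hostnames and the
query parameter each one uses to carry its target are assumptions, not verified
behaviour of those services."""
from urllib.parse import parse_qs, urlparse

# Constructed table: redirector host -> query parameter holding the destination.
ASSUMED_REDIRECTORS = {
    "www.googleadservices.com": "adurl",  # assumed parameter name
    "click.snapchat.com": "url",          # assumed parameter name
}

MAX_HOPS = 5  # a longer chain is itself a reason to flag the link


def unwrap_redirects(url, redirectors=ASSUMED_REDIRECTORS, max_hops=MAX_HOPS):
    """Follow redirector parameters without touching the network.

    Returns the list of hops, starting with the original URL and ending at the
    first URL whose host is not a known redirector (or at the hop limit)."""
    hops = [url]
    for _ in range(max_hops):
        parsed = urlparse(hops[-1])
        # .hostname strips userinfo and port, so "trusted.host@evil.test" resolves
        # to evil.test rather than matching the table on the decoy prefix.
        param = redirectors.get((parsed.hostname or "").lower())
        if param is None:
            return hops  # not a redirector: this is the landing page
        values = parse_qs(parsed.query).get(param)
        if not values or not values[0].lower().startswith(("http://", "https://")):
            return hops  # parameter absent or not an absolute URL
        hops.append(values[0])  # parse_qs already percent-decoded it once
    return hops


def triage_link(url, expected_login_host):
    """Classify an emailed login link. Returns (final_host, hop_count, verdict)."""
    hops = unwrap_redirects(url)
    final_host = (urlparse(hops[-1]).hostname or "").lower()
    if final_host == expected_login_host and len(hops) == 1:
        verdict = "direct link to expected login host"
    elif final_host == expected_login_host:
        verdict = "reaches expected host via a redirector: unusual for a password notice"
    elif len(hops) > 1:
        verdict = "open redirect chain ending off-domain: likely phishing"
    else:
        verdict = "off-domain link"
    return final_host, len(hops), verdict


if __name__ == "__main__":
    # Constructed sample: Google Ads redirector -> Snapchat redirector -> phish.
    sample = ("https://www.googleadservices.com/pagead/aclk?sa=L&adurl="
              "https%3A%2F%2Fclick.snapchat.com%2Fr%3Furl%3D"
              "https%253A%252F%252Flogin-extend.test%252Fsso")
    print(triage_link(sample, "accounts.google.com"))
```

Each hop is decoded exactly once by `parse_qs`, which matters because nested redirectors arrive double- or triple-encoded; decoding again by hand would let a crafted value skip a hop. The verdict string is meant for a mail-gateway or SOAR rule; the interesting cases are a chain ending off-domain and a chain that reaches the real login host at all, since a genuine password notice has no reason to route through an advertising redirector.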

The phishing kit also fingerprinted the client to decide whether it was a real user or an automated analysis system, serving the phishing page only to the former. The researchers concluded that multi-factor authentication on its own no longer offers adequate protection against this class of phishing.

Because the proxy relays the second factor in real time, this method bypasses one-time codes and push approvals on many different services. Multi-factor authentication remains a valuable layer, but users and administrators should not rely on it alone. The exception is a phishing-resistant factor such as a FIDO2 hardware security key: its assertion is bound to the origin the browser is actually showing, so a signature made on the proxy's domain is rejected by the real service.
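The difference between a relayable factor and an origin-bound one can be shown with a toy model. The code below is an added illustration, not code from the article, Zscaler or Microsoft: the identity provider, proxy, victim and hostnames are constructed, the one-time code uses a fixed time step, and an HMAC stands in for the asymmetric signature a FIDO2 key would produce. The proxy relays every message unchanged; the TOTP login goes through and the resulting cookie lands in the attacker's hands, while the key assertion fails because the browser signed it for the phishing origin.

```python
"""Toy model of AiTM against relayable MFA vs an origin-bound hardware key.
Constructed: fixed-step one-time codes; an HMAC stands in for the key's signature."""
import hashlib
import hmac
import secrets

def toy_totp(secret, step=0):
    return hmac.new(secret, str(step).encode(), hashlib.sha1).hexdigest()[:6]

def key_sign(key_secret, challenge, origin):
    """Stand-in for a FIDO2 key signing the challenge together with the origin
    the browser reports, i.e. the site the user is actually looking at."""
    return hmac.new(key_secret, f"{challenge}|{origin}".encode(),
                    hashlib.sha256).hexdigest()

class IdentityProvider:
    """Toy IdP that issues a bearer session cookie after a successful login."""

    def __init__(self, origin):
        self.origin = origin
        self.users, self.sessions, self.pending = {}, {}, set()

    def _issue_session(self, user):
        cookie = secrets.token_hex(16)
        self.sessions[cookie] = user  # whoever presents this cookie is the user
        return cookie

    def login_totp(self, user, password, code):
        u = self.users.get(user)
        if (u is None or u["password"] != password
                or not hmac.compare_digest(code, toy_totp(u["totp_secret"]))):
            return None  # a relayed code is the right code, so a proxy passes here
        return self._issue_session(user)

    def new_challenge(self):
        challenge = secrets.token_hex(16)
        self.pending.add(challenge)
        return challenge

    def login_key(self, user, password, challenge, origin, signature):
        u = self.users.get(user)
        if u is None or u["password"] != password or challenge not in self.pending:
            return None
        self.pending.discard(challenge)
        expected = key_sign(u["key_secret"], challenge, origin)
        # Origin check: an assertion produced on the phishing domain never passes.
        if origin != self.origin or not hmac.compare_digest(expected, signature):
            return None
        return self._issue_session(user)

    def whoami(self, cookie):
        return self.sessions.get(cookie)

class AitmProxy:
    """Phishing site that relays the victim's input to the real IdP in real time."""

    def __init__(self, idp, phishing_origin):
        self.idp, self.origin, self.stolen_cookies = idp, phishing_origin, []

    def relay_totp(self, user, password, code):
        cookie = self.idp.login_totp(user, password, code)
        if cookie:
            self.stolen_cookies.append(cookie)
        return cookie  # handed back to the victim too, so nothing looks wrong

    def relay_key(self, user, password, sign_in_browser):
        challenge = self.idp.new_challenge()
        # The victim's browser signs for the origin it is really on: the proxy's.
        signature = sign_in_browser(challenge, self.origin)
        cookie = self.idp.login_key(user, password, challenge, self.origin, signature)
        if cookie:
            self.stolen_cookies.append(cookie)
        return cookie

def build_scenario():
    """Constructed victim, IdP and a proxy on a look-alike domain."""
    idp = IdentityProvider("https://accounts.example-idp.test")
    victim = {"user": "ceo", "password": "hunter2",
              "totp_secret": b"totp-seed", "key_secret": b"key-seed"}
    idp.users[victim["user"]] = victim
    return idp, AitmProxy(idp, "https://accounts.example-idp-login.test"), victim

def attack_succeeds(factor):
    """True if the attacker ends up holding a valid victim session ('totp' or 'key')."""
    idp, proxy, v = build_scenario()
    if factor == "totp":
        proxy.relay_totp(v["user"], v["password"], toy_totp(v["totp_secret"]))
    else:
        sign = lambda challenge, origin: key_sign(v["key_secret"], challenge, origin)
        proxy.relay_key(v["user"], v["password"], sign)
    return any(idp.whoami(c) == v["user"] for c in proxy.stolen_cookies)

def legitimate_key_login_works():
    idp, _, v = build_scenario()
    challenge = idp.new_challenge()
    signature = key_sign(v["key_secret"], challenge, idp.origin)
    cookie = idp.login_key(v["user"], v["password"], challenge, idp.origin, signature)
    return idp.whoami(cookie) == v["user"]
```

`attack_succeeds("totp")` returns True and `attack_succeeds("key")` returns False, while `legitimate_key_login_works()` confirms the origin check does not break a real login. The model also shows why the cookie matters more than the password: `whoami` accepts the bare cookie with no further proof, which is exactly what the attacker replays after the victim has finished logging in.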

Google says Gmail has multiple layers of phishing protection to safeguard its users against these attacks, that Safe Browsing flags known malicious pages, and that hardware security keys are available for accounts that need stronger protection. It still reminds users to click only links from trusted sources and never to enter login credentials on pages that look illegitimate.
