Organizations across different sectors around the world are having their Microsoft and Google accounts targeted by multiple cybercrime operations in attacks exploiting the nascent VoidProxy phishing service that has been underway since January, reports The Register.Threat actors leveraged breached email accounts belonging to legitimate email marketing providers to deliver malicious emails with a link performing several redirections before landing on the initial phishing site with a CAPTCHA challenge before redirecting to another phishing site resembling the Microsoft or Google account sign-in page, according to an analysis from Okta Threat Intelligence researchers.Inputting credentials on the fake sign-in pages would prompt their delivery to the attacker-in-the-middle proxy server of VoidProxy, enabling real-time compromise of usernames, passwords, and multi-factor authentication tokens.Such findings should prompt organizations to leverage robust authenticators and implement phishing resistance policies and FIDO2 WebAuth, said researchers.On the other hand, Microsoft, Google, and other vendors have been urged to maintain support for the Interoperability Profile for Secure Identity in the Enterprise and other industry standards that ensure mitigations against phishing-as-a-service threats.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds