A New Era of Accessibility: Greatness Phishing-as-a-Service Tool
The Rise of a New Phishing Tool: Greatness
A new phishing-as-a-service (PaaS) tool has emerged that enables even amateurs to create and execute well-crafted, highly capable phishing attacks on businesses. The tool, dubbed “Greatness,” is an all-in-one service that helps cybercriminals create Microsoft 365-based phishing baits and facilitates man-in-the-middle attacks that hijack authentication credentials, even when the targeted organization employs a multifactor authentication (MFA) system. Cisco Talos, an expert in cyber risk management, reported that the tool has been circulating since mid-2022, and its use has already been identified in a range of attacks targeting industries including healthcare, technology, and manufacturing.
Half of the attacks carried out using Greatness were directed at organizations in the United States, while the rest were recorded across Australia, Brazil, Canada, South Africa, and Western Europe. The PaaS tool gives perpetrators ease of access by simplifying the process of building a phishing campaign. Nick Biasini, the head of outreach for Cisco Talos, described Greatness as a pioneer and purveyor of democratized access to phishing campaigns and other cyber-attack models.
How Greatness Works
Greatness functions as a weaponized Microsoft 365 phishing bait directed explicitly at a target company’s employees. It is delivered as an email attachment or a link that appears as a blurred image mimicking a Microsoft document that is loading. The attachment hooks the victim by presenting a Microsoft 365 login page with their email address and the company logo already filled in, which gives the page a sense of legitimacy. The tool triggers a Man-in-the-Middle (MitM) attack when the victim submits the password to their account.
Even if the victim has an MFA system, Greatness still intercepts authentication codes received through SMS, email, or mobile app notifications before relaying them to the attacker in charge. Finally, Greatness collects an authenticated session cookie that it relays to a threat actor through its administrative panel or Telegram. According to Cisco Talos, all a user does with Greatness is fill out a form, including image captions, titles, and other specifics to launch the MitM attack. Greatness’s “autograb” feature automatically pre-fills the victim’s email address on the Microsoft 365 login page.
Why Greatness Is So Effective
The effectiveness of the Greatness phishing tool can be attributed to its simple structure, which allows it to bypass several cyber hygiene and cybersecurity awareness measures. The PaaS tool can circumvent MFA and other awareness techniques, making it a significant challenge for defenders. Organizations cannot rely on ordinary fixes alone to counter the risks the tool poses. A common security fix that organizations can employ is to adjust session cookie timeout values to reduce their exposure to Greatness intrusions.
Nick Biasini of Cisco Talos recommends that timeouts be reviewed often to suit current cyber threats. Companies have to balance security against usability, and the balance is a delicate one, especially when enabling MFA. For clients requiring more sophisticated security, comprehensive anomaly detection systems and location-based authentication controls can help them build a highly resilient security model, not only against Greatness but also against similar threats.
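The session-timeout and location-based checks described above can be sketched as a small log review. This is an added example, not code from Cisco Talos or the original article; the event format, field names, sample records, and the 8-hour limit are all assumptions.

```python
from datetime import datetime, timedelta

MAX_SESSION_AGE = timedelta(hours=8)  # assumed policy value; tune per organization

# Constructed sample events: (timestamp, user, session_id, event, ip, country)
EVENTS = [
    ("2023-05-10T09:00:00", "alice@example.com", "s-1001", "issued", "198.51.100.7", "US"),
    ("2023-05-10T09:05:00", "alice@example.com", "s-1001", "used", "198.51.100.7", "US"),
    ("2023-05-10T09:20:00", "alice@example.com", "s-1001", "used", "203.0.113.50", "BR"),
    ("2023-05-10T10:00:00", "bob@example.com", "s-2002", "issued", "192.0.2.15", "CA"),
    ("2023-05-10T11:00:00", "carol@example.com", "s-3003", "used", "203.0.113.9", "AU"),
    ("2023-05-10T19:30:00", "bob@example.com", "s-2002", "used", "192.0.2.15", "CA"),
]


def review_sessions(events, max_age=MAX_SESSION_AGE):
    """Return (session_id, user, reason) findings for suspicious cookie use."""
    issued = {}  # session_id -> (issue time, ip, country) recorded at sign-in
    findings = []
    for ts, user, sid, event, ip, country in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if event == "issued":
            issued[sid] = (when, ip, country)
            continue
        if sid not in issued:
            # Cookie presented without a matching sign-in in the reviewed window.
            findings.append((sid, user, "no_issuance_seen"))
            continue
        t0, ip0, country0 = issued[sid]
        if when - t0 > max_age:
            # The cookie outlived the timeout policy but was still accepted.
            findings.append((sid, user, "expired_cookie_accepted"))
        if country != country0:
            findings.append((sid, user, "country_change"))
        elif ip != ip0:
            findings.append((sid, user, "ip_change"))
    return findings


if __name__ == "__main__":
    for finding in review_sessions(EVENTS):
        print(finding)
```

Because the phishing page sits between the victim and Microsoft 365, the address recorded at sign-in may not be the user's own, so the issuing location is worth comparing against the user's usual locations as well.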
Conclusion
Phishing campaigns have been the staple of cyber attackers for a decade. As this piece has shown, Greatness represents a tool in the current arsenal of phishing-as-a-service offerings. Its sophistication and ease of use make it all the more dangerous. Nevertheless, Greatness’s emergence demonstrates the efficiency of multifactor authentication (MFA) when countering cyber threats. Although it poses a real security risk, it should serve as a warning to organizations to always maintain up-to-date security protocols to take on not only Greatness but also other emerging cyber threats.