• A new Microsoft 365 phishing service has emerged, so be on your g

    From TechnologyDaily@1337:1/100 to All on Monday, December 23, 2024 15:30:05
    A new Microsoft 365 phishing service has emerged, so be on your guard

    Date:
    Mon, 23 Dec 2024 15:14:00 +0000

    Description:
    FlowerStorm has significant overlaps with the defunct Rockstar2FA, warns Sophos.

    FULL STORY ======================================================================Research ers said that Rockstar2FA went quiet in November 2024 But a new PaaS emerged soon afterwards, with partly overlapping infrastructure The new PaaS is
    called FlowerStorm, and it targets Microsoft365 accounts

    Cybersecurity researchers from Sophos have warned a new Phishing-as-a-Service (PaaS) tool has emerged, allowing threat actors to easily hunt for peoples Microsoft 365 credentials.

    This tool is called FlowerStorm, and it might have emerged from the (defunct) Rockstar2FA, the company revealed, noting how in November, detections for Rockstar2FA have suddenly gone quiet.

    The organizations infrastructure was taken offline, at least partly, for reasons yet unknown - but the researchers dont think this was the work of law enforcement, though. Long live FlowerStorm?

    Rockstar2FA was a PaaS platform designed to bypass two-factor authentication (2FA), primarily targeting Microsoft 365 accounts. It worked by intercepting login processes to steal session cookies, allowing attackers to access accounts without needing credentials or verification codes. Through a simple interface and Telegram integration, threat actors that purchased a license could manage their campaigns in real time.

    The new platform, which emerged in the weeks after Rockstar2FA went quiet,
    was dubbed FlowerStorm by the researchers. Apparently, much of its tools and features overlap with that of Rockstar2FA, which is why Sophos speculates
    that it could be its (spiritual) successor.

    The vast majority of the targets chosen by FlowerStorm users (84%) are
    located in the United States, Canada, United Kingdom, Australia, and Italy, Sophos added.

    Companies in the States were most frequently targeted (60%), followed by Canada (8.96%). Overall, almost all (94%) of FlowerStorm targets were either in North America or Europe, with the rest falling on Singapore, India,
    Israel, New Zealand, and the United Arab Emirates.

    The majority of the victims are in the service industry, namely firms providing engineering, construction, real estate, and legal services and consulting.

    Defending against FlowerStorm is the same as against any other phishing
    attack - using common sense and being careful with incoming emails. You might also like This worrying new phishing attack is going after Microsoft 365 accounts Here's a list of the best antivirus tools on offer These are the
    best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-new-microsoft-365-phishing-service-ha s-emerged-so-be-on-your-guard


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)