
Telegram Bot Offering Tool to Bypass 2FA and Hack Microsoft 365 Accounts


A recently discovered phishing marketplace, known as ONNX Store, has emerged as a threat to Microsoft 365 and Office 365 environments, providing cybercriminals with the tools necessary to launch sophisticated attacks. This platform enables threat actors to bypass strong 2FA security measures, making it easier for them to compromise accounts and gain unauthorized access to sensitive information.

Corporate security teams are advised to prioritize anti-phishing defenses in order to reduce the risk of falling victim to these advanced attacks, which can result in data breaches and financial losses.

Cybercriminals are taking advantage of the phishing tools offered by ONNX Store to target financial institutions. The modus operandi involves sending deceptive emails disguised as HR notifications regarding salary information, prompting recipients to open attached PDF files containing malicious QR codes.

Upon scanning these codes, individuals are redirected to phishing sites that mimic legitimate login pages for Microsoft 365. Here, attackers can steal login credentials and bypass 2FA measures, granting them access to critical systems and data.

In a typical phishing scenario, an email containing a PDF attachment with a QR code tricks the recipient into thinking they need to scan it for important salary details. Once scanned, the victim is directed to a fake Microsoft 365 login page where their credentials and 2FA codes are harvested by cybercriminals.

Because the QR code is scanned on a personal smartphone rather than a managed workstation, the attack sidesteps corporate anti-phishing controls and raises the success rate of credential theft. The phishing page uses WebSocket's real-time channel to relay stolen credentials and 2FA codes to the attackers as soon as they are entered. The phishing kits embedded in these malicious emails further deceive victims into divulging sensitive information.

According to cybersecurity experts at Kaspersky, the captured credentials are swiftly sent to the attackers’ infrastructure using the WebSocket protocol, enabling them to infiltrate victim accounts with ease. This access allows cybercriminals to compromise email communications and launch subsequent attacks such as Business Email Compromise (BEC).

The phishing-as-a-service platform provided by ONNX Store operates via Telegram, where bots are used to automate user interactions. This setup allows cybercriminals to efficiently distribute phishing kits and manage compromised accounts through Telegram’s command-and-control infrastructure.

By subscribing to specialized services offered by these phishing platforms, cybercriminals can outsource attacks, gaining access to a variety of tools and infrastructure for launching successful campaigns at a low cost. This includes pre-engineered phishing kits tailored for platforms like Microsoft 365, with options to bypass 2FA, making it easier for even novice cybercriminals to conduct sophisticated attacks.

To combat the rising threat of advanced phishing attacks, it is recommended to implement FIDO U2F hardware tokens or passkeys for robust 2FA protection. Additionally, deploying comprehensive security solutions with anti-phishing capabilities across all devices and providing regular security awareness training to employees can enhance vigilance against evolving phishing tactics.
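Why the FIDO/passkey recommendation defeats the real-time relay described above: the following is an added illustration (not code from the article or from Kaspersky) of WebAuthn's origin binding. It assumes a relying party at login.example.com and a constructed lookalike phishing domain, and uses an HMAC as a stand-in for the authenticator's public-key signature so that it runs with the Python standard library alone.

```python
import hashlib
import hmac
import json
import os

# Constructed sample values (assumptions, not from the article).
RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login-example-com.phish.test"  # constructed lookalike
CREDENTIAL_KEY = b"per-credential-secret"  # stand-in for the private key


def authenticator_assert(origin: str, challenge: bytes) -> dict:
    """Browser + security key: sign over rpIdHash || SHA-256(clientData).

    The browser, not the web page, fills in `origin`, so a phishing page
    can only ever obtain an assertion bound to its own domain.
    """
    rp_id = origin.split("://", 1)[1]  # browser derives the RP ID from the origin
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": challenge.hex(),
                              "origin": origin}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest()  # rpIdHash
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return {"client_data": client_data, "auth_data": auth_data, "sig": sig}


def relying_party_verify(assertion: dict, expected_challenge: bytes) -> bool:
    """Relying party checks type, origin, challenge, rpIdHash, then signature."""
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False
    if cd.get("origin") != RP_ORIGIN:  # origin binding: rejects relayed logins
        return False
    if cd.get("challenge") != expected_challenge.hex():  # fresh per login
        return False
    if assertion["auth_data"] != hashlib.sha256(RP_ID.encode()).digest():
        return False
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    expected = hmac.new(CREDENTIAL_KEY, signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, assertion["sig"])


def simulate_login(origin_seen_by_browser: str) -> bool:
    """A proxy forwards the real RP's challenge to the victim and the
    resulting assertion back; only a genuine-origin login verifies."""
    challenge = os.urandom(32)  # issued by the real relying party
    assertion = authenticator_assert(origin_seen_by_browser, challenge)
    return relying_party_verify(assertion, challenge)
```

A one-time code typed into the lookalike page carries no such binding, which is exactly why the relay in the article succeeds against OTP-based 2FA but not against a passkey or U2F token.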

In conclusion, the emergence of ONNX Store and similar phishing platforms underscores the importance of staying vigilant and implementing robust security measures to protect against sophisticated cyber threats. Organizations must prioritize anti-phishing defenses and take proactive steps to safeguard their sensitive information from falling into the hands of malicious actors.
