New service makes it easier than ever for rookies to launch Microsoft 365 phishing attacks

(Image credit: wk1003mike / Shutterstock)

A newly created Phishing-as-a-Service (Phaas) platform could give even inexperienced hackers the tools they need to launch damaging attacks against Microsoft 365, experts have warned.

Cybersecurity researchers from Mandiant found that "Caffeine" removes much of the friction usually found in competing services, making it worryingly effective in stealing passwords and other sensitive data. 

And although relatively expensive, it comes with plenty of advanced features, and offers templates targeting Chinese and Russian victims.

Caffeine hit

According to the report, the new platform doesn’t require referrals, or invites, for users to become members. 

There is no need for admin approval via Telegram, or hacking forums - all users need to do is register an account and pay for a subscription license, and they’re good to go. When it comes to licenses, there are three distinct offerings: a monthly subscription costing $250, a three-month package costing $450, and a six-month one, costing $850.

Caffeine costs roughly 3-5 times the usual PhaaS, but what customers get in return are anti-detection and anti-analysis systems, as well as customer support. Caffeine also comes with a couple of advanced phishing features, including customization for dynamic URL schemas, first-stage campaign redirect pages, as well as final lure pages, and IP blocklisting options capable of blocking per location, or CIDR range.

Mandiant says it came across Caffeine while investigating a large-scale phishing campaign stealing Microsoft 365 account credentials. While the service comes with templates for the Chinese and Russian markets, researchers believe more will be added soon. 

Customers can also cut down on external tools, by using Python or PHP email management utility tools, it was said.

Phishing is still the number one attack vector for most successful attacks these days, with crooks constantly reinventing themselves and finding new ways to distribute viruses and malware. Recently, researchers found crooks using multiple fake email addresses and engaging in entire fake conversations with themselves, only adding the victim in CC to build credibility. They would only engage with the victim at a later stage, once any doubt of the legitimacy of the conversation was removed.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.