As cybercrime continues to evolve, attackers are constantly developing more sophisticated methods to target businesses and individuals. A recent and alarming trend is Phishing-as-a-Service (PhaaS), which provides bad actors with the tools to carry out attacks easily. Through these malicious platforms, such as Mamba 2FA, attackers can exploit widely used services like Microsoft 365, gaining unauthorised access to sensitive business information.
What is Phishing and Phishing-as-a-Service?
Phishing often involves cybercriminals sending fake emails or messages to trick you into sharing details like login credentials, passwords, or credit card numbers.
Phishing-as-a-Service is a service where malicious actors offer ready-made phishing tools and templates for others to use in scams. This makes it easy for bad actors to launch phishing attacks by simply paying for access to these tools.
Emerging PhaaS Platform – “Mamba 2FA”
· The phishing service helps cybercriminals set up fake web pages that look like legitimate Microsoft 365 log-in pages. The attackers use rotating web addresses (phishing URLs) and other tricks to make their fake login pages harder to detect.
· When users try to log in, the phishing service platform intercepts the credentials and also captures the one-time passcode and authentication cookies, which are needed to fully access accounts.
· Once this information has been captured, the service platform sends the user credentials to the bad actors via a messenger service called Telegram.
· With the obtained credentials, the bad actor can access and manipulate sensitive business data and use the compromised account to launch further attacks on your business.
Figure 1: Screen captures of the four known phishing page variants of Mamba 2F – Source: https://blog.sekoia.io/mamba-2fa-a-new-contender-in-the-aitm-phishing-ecosystem/#h-url-structure-and-domain-names
What steps can I take to protect myself and my business from this emerging threat?
1. STOP, THINK, VALIDATE
Before acting on any email or message, take a moment to stop and think. If it’s unexpected or seems suspicious, validate the sender's identity through an independent channel. For example, call or message the person directly using known contact information, not the one provided in the email or message.
2. Don’t Click Links
Avoid clicking on links in emails, especially if they seem out of place or suspicious. Phishing attacks often rely on malicious links to trick you into entering your credentials on fake websites.
3. Don’t Enter Credentials Into an Untrusted Environment
Be cautious about entering your username and password into any site you’re unfamiliar with. Check the website's URL carefully to ensure it is legitimate, and make sure the connection is secure.
4. Use Multi-Factor Authentication with number-matching
Implement Multi-Factor Authentication (MFA) and opt for using an authenticator application (like Microsoft Authenticator) with "number matching.” Number matching requires you to enter a code shown on the login screen as your approval method. This reduces the risk of accidentally approving an MFA request or a text/call being intercepted.
5. Educate Yourself
Stay informed about the latest cybersecurity threats and best practices by regularly checking reliable sources like CERT NZ. Visit www.cert.govt.nz for advice and updates. Training yourself and your employees is key to staying ahead of phishing attacks and other cyber threats.
By following these practices, you can better protect yourself and your business from phishing and other online attacks.
