top of page

New Phishing Tool "Greatness" Makes Microsoft 365 Attacks Accessible to All

There's a new player in the cybercrime world, and it's making phishing attacks easier than ever. Meet "Greatness," a phishing-as-a-service (PaaS) tool that allows even the most inexperienced cybercriminals to create sophisticated phishing campaigns targeting businesses.

The team at Cisco Talos uncovered this powerful tool and shared their findings. Greatness is a one-stop-shop for all your phishing needs. With just basic technical knowledge, anyone can create convincing Microsoft 365-based phishing lures and carry out man-in-the-middle attacks that steal authentication credentials, even if multifactor authentication (MFA) is in place.

Since its emergence in mid-2022, Greatness has been used in attacks against various sectors, including manufacturing, healthcare, and technology. While half of the targets have been in the US, attacks have been reported in Western Europe, Australia, Brazil, Canada, and South Africa.

What makes Greatness so accessible is its user-friendly interface. It starts with an email that includes a link or attachment, which opens a blurred image of a Microsoft document. The victim is then redirected to a Microsoft 365 login page. What sets this apart is that the victim's email address and company logo are already pre-filled, making it seem legitimate.

Once the victim enters their password and, if necessary, the MFA code, Greatness intercepts the information and collects the authenticated session cookies. These cookies are then passed on to the attacker using Telegram or the admin panel.

Crafting phishing attacks used to require time, effort, and coding skills. With Greatness, it's as simple as filling out a form. You can customize the title, caption, and even include an image of an Excel spreadsheet to trick the victim. The "autograb" feature automatically fills in the victim's email address on the login page.

What makes Greatness so dangerous is its ability to bypass MFA effortlessly and its slick presentation. Traditional awareness and basic cyber hygiene might not be enough to protect enterprises from its grasp.

One possible solution is adjusting cookie session timeouts. Organizations should consider shorter timeouts to minimize the risk. However, it's crucial to strike a balance between security and usability. Forcing users to go through MFA every few minutes might not be practical.

In cases where simple fixes fall short, more advanced security measures are necessary. Anomaly detection and location-based logins can provide an additional layer of protection. It's essential to elevate detection capabilities to stay ahead of these sophisticated attacks.

However, in the midst of this concerning development, there is a glimmer of hope. The emergence of tools like Greatness serves as evidence that multifactor authentication (MFA) is indeed effective. Attackers are making deliberate efforts to counter it because they can no longer overlook its effectiveness. MFA has become an essential tool in the battle against cybercrime. At Acyber Institute, we collaborate with organizations throughout the continent to explore authentication models that best align with their unique security requirements.

As technology advances, so do the tactics of cybercriminals. It's crucial for individuals and organizations to stay informed, remain vigilant, and implement the necessary security measures to protect themselves from evolving threats like Greatness. By working together and staying one step ahead, we can ensure a safer digital landscape for everyone.

11 views0 comments


bottom of page