Researchers have uncovered a novel phishing-as-a-service (PhaaS) platform named “ONNX Store” that specifically targets Microsoft 365 credentials, particularly those belonging to employees within financial institutions.
Sold on a subscription basis and operated through Telegram bots, the service offers a collection of tools intended to make credential theft easier and to carry it out at scale.
One such feature involves deploying phishing pages crafted to mimic legitimate Microsoft 365 login interfaces, but the most concerning aspect of the ONNX Store lies in its capability to potentially bypass two-factor authentication (2FA).
While the specifics of this bypass method remain under investigation, researchers suspect it involves intercepting the 2FA requests initiated by unsuspecting victims.
Such a bypass effectively grants unauthorized access even when 2FA, a secondary security layer intended to strengthen account protection, is enabled. This significantly increases the effectiveness of business email compromise (BEC) attacks by circumventing the additional protection that 2FA is meant to provide.
Interestingly, experts posit that the ONNX Store might simply be a rebranded version of the “Caffeine” phishing kit due to shared infrastructure and their presence on the same Telegram advertising channels.
The concerning aspect of PhaaS platforms like ONNX Store is the ease of use and affordability they offer, which essentially commoditizes cybercrime, lowering the technical barrier to entry for less sophisticated attackers.
As a consequence, even individuals with limited technical prowess can now orchestrate intricate phishing campaigns that mimic legitimate login portals and potentially bypass 2FA safeguards.
Because the platform is so easy to use, the number of BEC attacks targeting the financial sector may rise significantly, which could result in substantial financial losses.
According to Kaspersky, financial institutions, a prime target for these attacks, should prioritize cybersecurity awareness training for employees to educate them on how to identify phishing attempts and the importance of adhering to secure login practices.
Additionally, implementing stricter security protocols such as multi-factor authentication (MFA) that go beyond simple SMS verification codes can offer an additional layer of defense against these evolving phishing tactics.