It is not the first time a phishing-based scheme has been used, nor the first time Microsoft has been hit by an attack. But the latest case may have affected thousands of people, particularly Microsoft 365 users.
According to a report published by Trustwave, a new phishing threat has been discovered that uses an email address spoofed to look like a genuine Microsoft one and directly targets the accounts of Microsoft's users. Its main goal is to steal usernames and passwords.
The report calls the attack Rockstar 2FA. It relies on AiTM (Adversary-in-the-Middle) attacks, a variant of the well-known Man-in-the-Middle (MitM) attack. Essentially, it is a form of eavesdropping and data theft in which an attacker intercepts traffic flowing from sender to recipient and back again. It is called "adversary in the middle" because the attacker's system sits between the two parties and silently relays their messages, so neither side notices it is listening.
The attack's own effectiveness is not the whole story. Microsoft's platform also helps the attackers because of the "fragility" of session cookies: the cookie stores the logged-in state, so that a site can be reopened without re-entering the password every time.
</grpreplace_placeholder>
The attack exploits this by asking for the username and password while posing as Microsoft, and once we fall for it and hand over our data, the account is compromised. Most victims never realise it. The phishing kit forwards the real credentials to Microsoft, but intercepts them along the way without the user or the company noticing. That is the "genius" of this type of attack and the reason it is so hard to detect.
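One way defenders look for the footprint of a relayed login is to check whether a session cookie issued at sign-in is later presented from a different network within a short window. The following is an added example, not code from the article or from Trustwave; the log format, field names and addresses are constructed for illustration.

```python
# Added example (not from the article or the Trustwave report): flag session cookies
# that are reused from a different network shortly after being issued, the trace an
# AiTM proxy leaves once the stolen cookie is replayed. Log format is constructed.
from datetime import datetime

# Constructed sign-in records. The proxy relays alice's login from its own network,
# so the cookie is issued there, then it is presented from a second network.
# bob's records show ordinary IP churn inside one network, which is not flagged.
SAMPLE_LOGS = """\
2024-11-28T09:00:05Z login_success alice session=S1 ip=198.51.100.7 asn=AS64500
2024-11-28T09:00:40Z cookie_auth alice session=S1 ip=198.51.100.7 asn=AS64500
2024-11-28T09:12:10Z cookie_auth alice session=S1 ip=203.0.113.9 asn=AS64496
2024-11-28T10:30:00Z login_success bob session=S2 ip=192.0.2.20 asn=AS64501
2024-11-28T10:35:00Z cookie_auth bob session=S2 ip=192.0.2.21 asn=AS64501
"""

def parse_line(line):
    """Split one constructed record into a dict of timestamp, event, user and key=value fields."""
    ts, event, user, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "user": user, **fields}

def find_replayed_sessions(log_text, window_seconds=3600):
    """Return (user, session, issuing_ip, replay_ip) for every cookie presented from a
    different ASN than the login that created it, within window_seconds of that login."""
    issued = {}   # session id -> record of the login that issued the cookie
    alerts = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec["event"] == "login_success":
            issued[rec["session"]] = rec
            continue
        origin = issued.get(rec["session"])
        if origin is None:
            continue          # cookie never seen being issued; nothing to compare against
        age = (rec["ts"] - origin["ts"]).total_seconds()
        if rec["asn"] != origin["asn"] and age <= window_seconds:
            alerts.append((rec["user"], rec["session"], origin["ip"], rec["ip"]))
    return alerts

if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_LOGS):
        print("possible cookie replay:", alert)
```

Because the proxy relays the whole sign-in, including the second factor, this kind of check complements MFA rather than replacing it; tune the window and add device or geography signals before using it in production.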
The problem the report warns about is that this type of phishing kit is sold online for a very low price (less than 200 euros). How can these attacks be prevented? Essentially, be careful about which emails you open, check the sender's address to make sure everything is in order, and use two-factor authentication to avoid falling into the trap.