Threat of the Week Proofpoint: Office 365 Phishing

Threat of the Week: SecurityXploded Toolkit and Microsoft Sharepoint Phishing

Each week we host a Threat of the Week webinar featuring a high-level look at interesting threats to help security teams navigate the attack landscape. Last week we explored Sentinel, Lazagne and Stripe and Square payment phishing. This week, we focus on the SecurityXploded Toolkit and phishing of Microsoft Sharepoint.

The SecurityXploded Toolkit is a legitimate pack of free security tools put out by XenArmor to help security experts and system administrators do their jobs. Unfortunately, threat actors have different plans for SecurityXploded tools such as password recovery, anti-spyware, forensics, network and system security are twisted and used to help cyber criminals.

The chain begins with a targeted email sent to folks with a PDF document in it. The PDF document contains URLs that encourage users to click on the links contained in the PDF. Once clicked, a compressed file downloads containing an executable. If the executable is run, Visual Basic and batch scripts are kicked off, loading the SecurityXploded Toolkit onto the user’s computer. Unfortunately, these tools will now be used to collect passwords, most notably, email and browser passwords.

In addition to the SecurityXploded toolkit, we cover Microsoft Sharepoint phishing campaign. Microsoft Office 365 is gaining tons of market share and people are migrating to it every day. This growth presents an opportunity for criminals. 

In this phishing campaign, fraudulent emails encourage users to log into their Microsoft O365 account. Users are then directed to a page that looks strikingly similar to a Microsoft login page. When they enter their credentials, the unsuspecting victim will receive a notice that the username or password was incorrect and typically will be re-directed to the correct Microsoft login page. Unfortunately, the threat actors now have username and passwords for use or sale and the victim just thinks he or she typed in their password incorrectly.

Finally, we reveal how easy it is for threat actors can find information about people on the Internet, focusing specifically on how cyber criminals leverage your LinkedIn details to launch attacks.

Learn more about these threats and how to best combat them by listening to the full webinar here.

Subscribe to the Proofpoint Blog