Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Craig Hale

Hackers are targeting top executives to steal their work logins

Person typing

Analysts at cybersecurity firm Proofpoint have claimed high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks.

More alarmingly, according to the figures, around one-third (35%) of the compromised users observed over the past year had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool based on a reverse proxy architecture, which Proofpoint says allows attackers to steal even MFA-protected credentials.

Account passwords are highly sought-after

Threat actors are now increasingly using Adversary-in-the-Middle (AitM) phishing kits (including the above-mentioned EvilProxy) to steal credentials and session cookies in real time.

The scale of the problem is only clear when Phishing-as-a-Service (PaaS) is unpacked. PaaS allows even technically challenged attackers to take part in credential-stealing activities.

In the three months leading up to June 2023, Proofpoint observed around 120,000 EvilProxy phishing emails being sent to hundreds of targeted organizations globally, with many targeting Microsoft 365 user accounts in particular.

Fortunately, an overview of the attacks has enabled Proofpoint to pinpoint some of the most common tactics when it comes to phishing attacks, including brand impersonation and cybersecurity scan blocking.

Another telltale sign of an attack could be that the attacker leads a victim down a multi-step path, via legitimate redirectors like YouTube, to the point where malicious cookies and 404 redirects execute an attack.

The firm recommends effective email monitoring with a strong business email compromise (BEC) prevention solution as well as other cloud and web security products. Regular cybersecurity training for staff is also an effective way to prevent mistakes by would-be victims, while those looking to take security even further can employ passwordless passkey authentication for eligible accounts.

  • Looking for a cybersecurity boost? How about using one of the best firewalls?
Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.