Hackers are targeting top executives to steal their work logins

Analysts at cybersecurity firm Proofpoint have claimed high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks.

More alarmingly, according to the figures, around one-third (35%) of the compromised users observed over the past year had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool based on a reverse proxy architecture, which Proofpoint says allows attackers to steal even MFA-protected credentials.

Account passwords are highly sought-after

Threat actors are now increasingly using Adversary-in-the-Middle (AitM) phishing kits (including the above-mentioned EvilProxy) to steal credentials and session cookies in real time.

The scale of the problem is only clear when Phishing-as-a-Service (PaaS) is unpacked. PaaS allows even technically challenged attackers to take part in credential-stealing activities.

In the three months leading up to June 2023, Proofpoint observed around 120,000 EvilProxy phishing emails being sent to hundreds of targeted organizations globally, with many targeting Microsoft 365 user accounts in particular.

Fortunately, an overview of the attacks has enabled Proofpoint to pinpoint some of the most common tactics when it comes to phishing attacks, including brand impersonation and cybersecurity scan blocking.

Another telltale sign of an attack could be that the attacker leads a victim down a multi-step path, via legitimate redirectors like YouTube, to the point where malicious cookies and 404 redirects execute an attack.

The firm recommends effective email monitoring with a strong business email compromise (BEC) prevention solution as well as other cloud and web security products. Regular cybersecurity training for staff is also an effective way to prevent mistakes by would-be victims, while those looking to take security even further can employ passwordless passkey authentication for eligible accounts.