Phishing Attacks Target Microsoft 365 | Neuways – Go Health Pro

At Neuways, we understand that cyber threats evolve rapidly, and staying ahead of attackers is critical for businesses relying on Microsoft 365. A recent discovery by cyber security researchers revealed a new and dangerous phishing-as-a-service (PhaaS) scheme called Sneaky Log, which poses a significant threat to organisations using Microsoft 365. This scheme bypasses two-factor authentication (2FA), highlighting the need for robust security measures and expert support.

How Does Sneaky Log Phishing Work?

The Sneaky Log phishing kit, distributed via Telegram, allows cyber criminals to exploit Microsoft 365 accounts through adversary-in-the-middle (AiTM) attacks. Here’s how it works:

  1. Fake Authentication Pages: Victims are lured to convincing, fraudulent Microsoft login screens hosted on compromised WordPress sites or other domains.
  2. Cloudflare Turnstile Verification: A fake “Verify you are human” prompt creates a false sense of legitimacy.
  3. Credential Harvesting: When users provide login details, including 2FA codes, the phishing server captures this information.
  4. Account Access: Attackers use the captured data to access the user’s Microsoft 365 account via its API.
  5. Redirect to Legitimate Microsoft Pages: Victims are redirected to genuine Microsoft URLs, masking the breach while attackers maintain access.

If the phishing kit detects bot traffic, cloud provider addresses, or flagged IPs, it redirects those visits to a benign Microsoft-related Wikipedia page, a tactic also seen in similar phishing schemes such as WikiKit.

Mitigating Sneaky 2FA

Detecting the Threat

Activity associated with Sneaky 2FA can appear in Microsoft 365 audit logs. For example, unusual authentication flows—such as mismatched User-Agent strings (e.g., a Safari login followed by an Edge login within minutes)—can indicate malicious activity.
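The User-Agent check described above can be expressed as a small detection rule. This is an added example, not code from Neuways or the researchers; the record fields (`time`, `user`, `user_agent`), the 10-minute window and all sample records are constructed assumptions, so map them to the fields in your own audit log export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: how "within minutes" is interpreted

# Constructed User-Agent strings and sign-in records (not real log data).
SAFARI = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15"
EDGE = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0"
CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
FIREFOX = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
SAMPLE_EVENTS = [
    {"time": "2025-01-20T09:02:40", "user": "alice@example.com", "user_agent": EDGE},
    {"time": "2025-01-20T09:00:05", "user": "alice@example.com", "user_agent": SAFARI},
    {"time": "2025-01-20T09:00:00", "user": "bob@example.com", "user_agent": CHROME},
    {"time": "2025-01-20T09:03:00", "user": "bob@example.com", "user_agent": CHROME},
    {"time": "2025-01-20T08:00:00", "user": "carol@example.com", "user_agent": FIREFOX},
    {"time": "2025-01-20T11:30:00", "user": "carol@example.com", "user_agent": EDGE},
]

def browser_family(ua):
    """Reduce a User-Agent string to a coarse browser family."""
    # Order matters: Edge and Chrome User-Agents also contain "Safari/".
    for token, family in (("Edg/", "Edge"), ("Firefox/", "Firefox"),
                          ("Chrome/", "Chrome"), ("Safari/", "Safari")):
        if token in ua:
            return family
    return "Other"

def find_ua_switches(events, window=WINDOW):
    """Flag consecutive sign-ins by one user whose browser family changes within `window`.

    Returns a list of (user, first_family, second_family, gap) tuples.
    """
    by_user = defaultdict(list)
    for e in events:
        when = datetime.fromisoformat(e["time"])
        by_user[e["user"]].append((when, browser_family(e["user_agent"])))
    alerts = []
    for user, logins in by_user.items():
        logins.sort()  # audit exports are not guaranteed to be in time order
        for (t1, f1), (t2, f2) in zip(logins, logins[1:]):
            if f1 != f2 and t2 - t1 <= window:
                alerts.append((user, f1, f2, t2 - t1))
    return alerts

if __name__ == "__main__":
    for user, first, second, gap in find_ua_switches(SAMPLE_EVENTS):
        print(f"{user}: {first} -> {second} within {gap}")
```

A user who signs in on a phone and a laptop within the window will also match, so treat a hit as a lead to correlate with source IP and session details rather than as proof of compromise.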

Neuways can assist your business in monitoring audit logs, identifying anomalies, and implementing rules to detect threats early.

Proactive Protection Measures

Neuways recommends the following steps to protect your business:

  • Strengthen MFA: While Sneaky 2FA targets 2FA systems, MFA remains a key defence. Pair it with conditional access policies for enhanced security.
  • Implement Advanced Threat Protection (ATP): Microsoft 365 ATP and Neuways’ tailored security solutions can detect and mitigate phishing attempts before they reach employees.
  • Educate Your Workforce: Human error remains a common vulnerability. Neuways offers comprehensive training to help your team spot phishing attempts and handle suspicious communications effectively.

Recognising Phishing Tactics

One example from Sekoia involved an email attachment titled “Final Lien Waiver.pdf”, containing a QR code that led to a compromised page. Neuways encourages businesses to:

  • Avoid interacting with unexpected or unusual emails.
  • Verify suspicious messages through a secure channel.
  • Report phishing attempts immediately to your IT team or service provider.

Why Microsoft is a Frequent Target

As one of the most widely used business platforms, Microsoft 365 is a prime target for cyber criminals. Recent examples include:

  • 2023: Microsoft’s Threat Intelligence team exposed phishing kits targeting Office and Outlook users.
  • Late 2023: Proofpoint identified EvilProxy, a phishing kit designed to bypass MFA.
  • October 2024: Check Point highlighted increasingly sophisticated phishing campaigns mimicking Microsoft services.

These attacks demonstrate the need for organisations to stay vigilant and proactive in their cyber security strategies.

How Neuways Protects Your Business

At Neuways, we specialise in delivering cyber security solutions that defend against emerging threats like Sneaky Log. Our expertise includes:

  • Advanced Microsoft 365 Security: We implement tailored cyber security solutions to strengthen your defences, including ATP, conditional access, and robust 2FA configurations.
  • Employee Awareness Training: Our training programs equip your team with the skills to effectively identify and respond to phishing attempts.
  • 24/7 Monitoring and Support: With Neuways, you’ll benefit from round-the-clock security monitoring, ensuring threats are detected and mitigated before they can cause damage.

Stay Ahead of Cyber Threats with Neuways

Cyber security isn’t just about technology; it’s about having the right partner to guide you through the ever-changing threat landscape. Contact Neuways today to learn how we can help protect your organisation from sophisticated phishing schemes like Sneaky Log.

Visit neuways.com to discover how we can secure your business and ensure your Microsoft 365 environment remains safe, efficient, and reliable.
