Google, Microsoft account takeover made easy via VoidProxy
"The phishes target any Google and Microsoft accounts, from small businesses to large enterprises, we're told. And while Okta didn't have a confirmed victim count, 'we have observed high-confidence account takeovers in multiple entities,' the threat intel team told us. 'By extension, we expect Microsoft and Google will have observed a larger number of ATO events, given that VoidProxy proxies non-federated users directly with Microsoft and Google servers.'"
"'We regularly see new phishing campaigns like this pop up, which is why we design durable protections to keep users safe from these types of attacks, including defenses against domain spoofing, phishing links, and compromised senders,' a Google spokesperson told The Register. 'We also agree with the report's recommendation that users adopt passkeys as a strong protection against phishing.'"
Multiple attackers are using a phishing-as-a-service offering called VoidProxy to steal credentials, multi-factor authentication codes, and session tokens in real time. The service proxies non-federated Google and Microsoft users directly with Google's and Microsoft's servers, enabling rapid account takeovers at organizations ranging from small businesses to large enterprises. Okta Threat Intelligence observed high-confidence account takeovers and linked the campaigns to VoidProxy dark-web ads dating back to August 2024, with attacks observed beginning around January. Criminals and cybercrime gangs advertise and use the service across industries and geographies. Google says it designs durable protections against campaigns like this and agrees with the report's recommendation that users adopt passkeys as a strong protection against phishing.
Read at The Register