A new worm phishing campaign described by cybersecurity architect and bug bounty hunter Craig Hays has drawn widespread attention as a new method of password theft. In a recent report Hays wrote that the attack went beyond the usual tactics and basic attempts to compromise a network, calling it the greatest password theft he had ever witnessed. According to Hays, a response team first received what looked like a routine alert from their organization; it soon became clear that this type of attack was previously unheard of.
Throughout the morning the response team kept receiving alerts and soon realized the attack was much larger than they had first thought. After an initial damage assessment and the recovery of two accounts, the team understood they were facing a wave of account takeovers. In a typical phishing campaign the source is easy to identify: an unknown contact who emailed earlier in the day. In this case there was no obvious sender. None of the victims had opened or clicked on any obviously spoofed email. Hays found that the phishing emails were being sent as replies to genuine, existing email threads. Once a victim entered their credentials, those credentials were forwarded to a bot. The bot signed in to the compromised mailbox, read the past week's email, and replied to those recent conversations with the same phishing message, so each new victim seeded the next round of the attack. Because the messages arrived as replies to real threads from real colleagues, they carried none of the usual warning signs.
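The propagation pattern described above (stolen credentials, a fresh sign-in, then a burst of replies to many recent threads) is something a detection team can look for in mailbox telemetry. The following is an added example written for this page, not code from Hays's report or from the organization involved. It assumes two hypothetical, constructed log feeds with invented field names: mailbox sign-ins (account, source IP, time) and outbound mail metadata (account, conversation id, whether the message is a reply, send time). It flags any account that, shortly after signing in from an IP never seen for that account, replies to an unusually large number of distinct existing threads.

```python
"""Heuristic detector for reply-chain "worm" phishing bursts.

Added example, not from Hays's report or the organisation it describes.
The Login and SentMail records and their field names are assumptions made
for this example; real feeds (IdP sign-in logs, mail transport logs) would
be mapped onto them.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Login:
    account: str
    ip: str
    at: datetime


@dataclass(frozen=True)
class SentMail:
    account: str
    thread_id: str          # conversation the message belongs to
    is_reply: bool          # True when In-Reply-To / References is set
    sent_at: datetime


def known_ips(logins, account, before, history=timedelta(days=30)):
    """IPs this account signed in from during `history` before `before`."""
    return {
        login.ip for login in logins
        if login.account == account and before - history <= login.at < before
    }


def reply_bursts(logins, sent, window=timedelta(minutes=30), min_threads=5):
    """Return {account: sorted thread ids} for accounts that, within `window`
    of a sign-in from an IP never seen for them before, replied to at least
    `min_threads` distinct existing conversations.

    A person answering mail looks like a trickle of replies from a familiar
    IP. A bot that has just received stolen credentials looks like a new
    sign-in followed by replies fanned out across many threads at once.
    """
    replies_by_account = defaultdict(list)
    for msg in sent:
        if msg.is_reply:
            replies_by_account[msg.account].append(msg)

    flagged = {}
    for login in sorted(logins, key=lambda entry: entry.at):
        if login.ip in known_ips(logins, login.account, login.at):
            continue  # familiar IP: not the new-session signal we want
        threads = {
            msg.thread_id
            for msg in replies_by_account.get(login.account, [])
            if login.at <= msg.sent_at <= login.at + window
        }
        if len(threads) >= min_threads:
            flagged[login.account] = sorted(threads)
    return flagged


# Constructed sample data for the example (not real telemetry).
T0 = datetime(2020, 9, 14, 9, 0)

SAMPLE_LOGINS = [
    Login("alice@example.com", "10.0.0.5", T0 - timedelta(days=3)),
    Login("alice@example.com", "10.0.0.5", T0),            # usual IP
    Login("bob@example.com", "10.0.0.7", T0 - timedelta(days=2)),
    Login("bob@example.com", "203.0.113.9", T0),           # never seen for bob
]

SAMPLE_SENT = (
    # alice: two replies over the morning from her usual session
    [SentMail("alice@example.com", "t-a1", True, T0 + timedelta(minutes=5)),
     SentMail("alice@example.com", "t-a2", True, T0 + timedelta(minutes=40))]
    # bob: eight replies to eight different threads within ten minutes
    + [SentMail("bob@example.com", f"t-b{i}", True, T0 + timedelta(minutes=2 + i))
       for i in range(8)]
    # bob also sent one fresh (non-reply) message; replies only are counted
    + [SentMail("bob@example.com", "t-new", False, T0 + timedelta(minutes=4))]
)


if __name__ == "__main__":
    for account, threads in reply_bursts(SAMPLE_LOGINS, SAMPLE_SENT).items():
        print(f"{account}: replied to {len(threads)} threads within 30 min "
              f"of a sign-in from a new IP")
```

The thresholds (30-minute window, five threads, 30 days of IP history) are starting points, not tuned values; a shared mailbox or a mail-merge user will exceed them legitimately, so the output is a triage queue, not a verdict. Pairing the burst signal with a check that the reply bodies contain a URL never seen earlier in the same thread would sharpen it further.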
Read More: This worm phishing campaign is a game-changer in password theft, account takeovers