The C2C phishing-as-a-service market.
N2K logoMay 12, 2023

A new phishing-as-a-service tool, called “Greatness,” has been seen in use in many attacks since mid-2022, allowing for advanced tools to be in the hands of even the most beginner hackers.

The C2C phishing-as-a-service market.

A new phishing-as-a-service (PaaS) offering, “Greatness” places advanced capabilities in the hands of even relatively raw, rookie hackers, Talos Intelligence reports.

An advanced tool, accessible even by newbies.

The “Greatness” tool allows for more advanced capabilities within the PaaS realm, including “multi-factor authentication (MFA) bypass, IP filtering and integration with Telegram bots,” the researchers report. The tool is focused specifically on Microsoft 365 phishing pages, and provides users with a builder to create convincing faux login pages. The users have to deploy and configure a phishing kit that they are given an API key for. “The phishing kit and API work as a proxy to the Microsoft 365 authentication system, performing a ‘man-in-the-middle’ attack and stealing the victim’s authentication credentials or cookies.”

The targets of the PaaS tool.

Companies have been most often targeted by Greatness, the Record reports. Manufacturing, healthcare and technology are the three most commonly targeted sectors in these attacks, Talos researchers report, with the United States, United Kingdom, Australia, South Africa, and Canada making up almost the entirety of the targeted base.

Taking a layered approach to security in the age of phishing-as-a-service.

Erich Kron, security awareness advocate at KnowBe4, notes that the complexity of the Greatness tool is not surprising, and that a layered defense that incorporates education and filters is important to defend against these tools:

 “With the ‘as-a-service’ offerings continuing to grow quickly in the cybercrime circles, it's not a huge surprise to see the complexity and features of this particular service. Things such as ‘Phishing-as-a-Service’ offerings are designed to allow non-technical or less technical bad actors to get in on the cybercrime game. Because this is such a lucrative market, it's very attractive to many people who could not handle all of the parts needed to successfully phish people on their own. By leaving the infrastructure maintenance and malware development to developers, it frees up cybercriminals to concentrate on getting people to click on links or open the documents that they are sending.

 “For organizations to defend against this ever-growing industry that is supporting so many more cyber criminals, it's important that they take a layered approach to security. That means educating users on how to spot and report the phishing emails sent by services like this, and being able to spot fake login pages that are so popular among cybercriminals when working to steal credentials. In addition, email filters are very important to have, and countermeasures against ransomware and other malware, which can also be spread through email phishing, are critical in modern cyber defense.”