Phishing-as-a-Service (PhaaS) is a business model that provides ready-made tools for cybercriminals to launch phishing attacks.
Recently, Microsoft took down hundreds of domains tied to a PhaaS operation, which cut off the infrastructure these criminals used to target businesses and individuals like you. [1]
How will Microsoft’s takedown of the PhaaS platform help safeguard individuals and businesses from phishing campaigns in the future?
Shutting Down DIY Phishing Kits
Microsoft’s Digital Crimes Unit seized 240 fake websites linked to an Egypt-based hacker, Abanoub Nady, also known as “MRxC0DER.”
[Figure: Example of the ONNX phishing email. Source: Microsoft]
Phishing emails from these Do-It-Yourself (DIY) kits account for a large share of the millions of phishing attempts Microsoft tracks monthly. Microsoft, with help from other cybersecurity teams like DarkAtlas and EclecticIQ, has been tracking Abanoub Nady’s fraudulent ONNX phishing operation since 2017.
The ONNX operation was a top-five phishing kit provider in early 2024 and operated like an online store selling tools to cybercriminals. This operation sold phishing kits through platforms like Telegram, offering subscription models to launch large-scale phishing campaigns. Buyers got templates, tech support, and even “how-to” videos to guide their attacks, often targeting financial institutions.
Using a civil court order unsealed in the Eastern District of Virginia, Microsoft redirected ONNX’s malicious infrastructure to its own systems. This move cuts off cybercriminals’ access, shutting down the phishing operation for good and stopping further attacks.
By taking down the ONNX platform, Microsoft is disrupting a key part of the phishing supply chain and protecting its customers.
Phishing Tactics Are Getting Smarter
Cybercriminals are leveling up, using techniques like “adversary-in-the-middle” (AiTM) phishing to bypass defenses like multi-factor authentication (MFA). These attacks let hackers steal credentials and authentication cookies by secretly intercepting your online communications.
As stated in Microsoft’s 2024 Digital Defense report, the company’s researchers have seen a 146% spike in these attacks, showing that cyber threats shift and morph faster than a chameleon in the wild.
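Because AiTM phishing steals the authentication cookie rather than only the password, one defensive signal is the same session showing up from a different network and client shortly after sign-in. The sketch below is an added example, not code from Microsoft or the original article; the event fields, sample records and one-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed session events (not real telemetry). Field names are assumptions.
EVENTS = [
    {"ts": "2024-11-21T09:00:05", "user": "alice", "session": "s-1001",
     "ip": "198.51.100.7", "ua": "Edge/130 Windows"},
    {"ts": "2024-11-21T09:04:40", "user": "alice", "session": "s-1001",
     "ip": "203.0.113.50", "ua": "Firefox/128 Linux"},
    {"ts": "2024-11-21T09:10:00", "user": "bob", "session": "s-2002",
     "ip": "192.0.2.10", "ua": "Chrome/131 macOS"},
    {"ts": "2024-11-21T09:40:00", "user": "bob", "session": "s-2002",
     "ip": "192.0.2.10", "ua": "Chrome/131 macOS"},
    {"ts": "2024-11-21T08:00:00", "user": "carol", "session": "s-3003",
     "ip": "192.0.2.77", "ua": "Safari/17 iOS"},
    {"ts": "2024-11-21T12:30:00", "user": "carol", "session": "s-3003",
     "ip": "198.51.100.99", "ua": "Safari/17 iOS"},
]


def find_session_replay(events, window=timedelta(hours=1)):
    """Return one alert per session whose cookie is presented from a new IP
    *and* a new user agent within `window` of the sign-in that issued it."""
    origin = {}      # session id -> (timestamp, event) of the issuing sign-in
    alerts = {}      # session id -> alert, so each session is reported once
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["session"] not in origin:
            origin[ev["session"]] = (ts, ev)
            continue
        first_ts, first = origin[ev["session"]]
        # An IP change alone is common (mobile roaming, VPN); requiring the
        # client fingerprint to change too keeps false positives down.
        moved = ev["ip"] != first["ip"] and ev["ua"] != first["ua"]
        if moved and ts - first_ts <= window and ev["session"] not in alerts:
            alerts[ev["session"]] = {
                "user": ev["user"], "session": ev["session"],
                "issued_ip": first["ip"], "seen_ip": ev["ip"],
                "delay_s": int((ts - first_ts).total_seconds()),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_session_replay(EVENTS):
        print("possible stolen session cookie:", alert)
```

An alert here is a lead for review and session revocation, not proof of compromise; real sign-in logs need tuning for shared proxies and VPN exits.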
Watch Out For New Phishing Schemes Like QR Code Scams
The Financial Industry Regulatory Authority (FINRA), an organization that regulates U.S. broker-dealers, recently issued a Cyber Alert about rising “adversary-in-the-middle” (AiTM) phishing attacks, including a furtive method called “quishing.”
Quishing uses QR codes in emails to lure you into scanning them. Once scanned, these codes take you to fake websites, often mimicking sign-in pages, where you’re asked to enter your credentials.
In the same 2024 Digital Defense report, Microsoft noticed a sharp rise in QR code phishing attacks starting in late 2023, making up nearly 25% of all email phishing attempts. These attacks are tough to spot because QR codes look like harmless images. So stay cautious—think twice before scanning any QR code from an unknown source.
What This Takedown Means for Financial Institutions & Beyond
Microsoft’s recent takedown of 240 phishing domains is a step toward creating a safer business environment for everyone.
Microsoft also worked alongside LF Projects, LLC, the trademark owner of the legitimate “ONNX” name and logo. Unlike the fraudulent ONNX operation, the real ONNX is an open standard for machine learning models designed to make AI tools work seamlessly across platforms. Protecting this trademark not only safeguards a valuable technology but also prevents its misuse in phishing campaigns.
For businesses, the Federal Trade Commission’s (FTC) Safeguards Rule now requires financial institutions to protect their customers’ nonpublic personal information (NPI) from unauthorized access, use, or disclosure. This means having a strong cybersecurity program that includes regular assessments, staff training, and tools to detect and respond to threats.
FAQ
What Is Phishing-as-a-Service (PhaaS)?
Phishing-as-a-Service (PhaaS) is a business model where cybercriminals sell phishing tools that make it easier for anyone to launch phishing attacks. These tools often include pre-built email templates and technical infrastructure, allowing attackers to impersonate trusted brands and steal sensitive information.
How Did Microsoft Disrupt These Phishing Operations?
Microsoft took down 240 malicious domains linked to the ONNX phishing operation. This action severed the infrastructure cybercriminals used to carry out phishing campaigns, making it more difficult and costly for them to continue their attacks.
How Does This Affect My Business?
Microsoft’s findings are a reminder that any business is vulnerable to cyberattacks. The 2Secure team advises you to remain vigilant and report any suspicious emails to cybersecurity experts. Yigal Behar of 2Secure shares the story of a customer who avoided danger by consulting professionals before engaging with a phishing email.
Source:
- Masada, S. (2024, November 21). Targeting the cybercrime supply chain. Microsoft on the Issues. https://blogs.microsoft.com/on-the-issues/2024/11/21/targeting-the-cybercrime-supply-chain/