November 21, 2024 at 05:43PM
Microsoft seized 240 domains linked to ONNX, a phishing-as-a-service platform targeting companies and individuals since 2017. ONNX was the leading player in adversary-in-the-middle (AitM) phishing, promoting phishing kits on Telegram. Microsoft’s legal action aims to disrupt ONNX’s operations, though other threat providers may emerge.
### Key Takeaways
1. **Domain Seizure**: Microsoft has seized 240 domains belonging to ONNX, a phishing-as-a-service platform that has been operational since 2017.
2. **Phishing Threat Landscape**: ONNX was identified as the leading adversary-in-the-middle (AitM) phishing service in Microsoft’s “Digital Defense Report 2024,” with a high volume of phishing emails aimed at Microsoft 365 accounts in the first half of the year.
3. **Business Model**: ONNX marketed phishing kits via a subscription service model on Telegram, with prices ranging from $150 to $550 per month. The kits targeted major technology companies, including Google, Dropbox, Rackspace, and Microsoft.
4. **Attack Mechanisms**:
   - Attacks were managed through Telegram bots and included features for two-factor authentication (2FA) bypass.
   - Recent techniques included QR code phishing (quishing) aimed at employees of financial firms.
   - The platform utilized bulletproof hosting services and self-decrypting encrypted JavaScript code, enhancing attack effectiveness and evasion strategies.
5. **Legal Action Impact**: Although the seizure is expected to significantly disrupt ONNX operations, Microsoft anticipates that other providers may fill the gap, and adversaries will adapt their methods accordingly.
6. **Statements from Microsoft**: Steven Masada, assistant general counsel for Microsoft’s Digital Crimes Unit, emphasized that the action conveys a strong message against those who replicate harmful services, highlighting Microsoft’s commitment to protect its users and continuously improve its defensive strategies.
7. **Additional Resource**: A full list of the seized domains can be accessed via the provided link.
These points summarize Microsoft’s actions against ONNX and the ongoing challenges in combating phishing activities.