SecOps & Risk mitigation
CyberProof uses OSINT and threat intelligence feeds for visibility into threats.
CyberProof’s adaptable playbooks address continuously evolving threats with updated strategies.
Professionals manage sophisticated networks, leveraging experience to counter advanced threats.
24/7 global SOC support ensures incident response with guaranteed SLA.
CyberProof develops recovery plans, restoring capabilities after a cyber incident.
Classify and manage enterprise assets, understanding risks and data sensitivity.
Non-destructive tests uncover potential exploits in assets and applications.
Mitigate security issues early with CyberProof’s training and awareness programs.
Rigorous security assessment for on-premise and cloud applications to ensure protection.
IAM manages user access, monitors for anomalies, ensuring security.
Cloud First approach ensures compliance and security within cloud environments.
Managed service for SIEM, EDR, MXDR, and threat intelligence solutions.
Identify, assess, and mitigate security vulnerabilities through regular scanning.
Partners
“Today I have complete visibility into the entire environment, in real time”
Jamil Farshchi | Equifax CISO
CyberProof Acquires Interpres Security
By leveraging and integrating the Interpres Security CTEM solution into its security services portfolio, CyberProof is able to continuously identify, assess, and prioritize risk while adapting defense services, like MDR, Vulnerability management and Use case management to address ever evolving threats. Take proactive steps to fortify your security today!
Case Studies
Retail Company Reduces Data Costs by 85% with SIEM Transformation
90% increase in visibility after deploying Microsoft XDR with CyberProof
Enterprise saves millions on data ingestion & storage following cloud migration.
SOC unification streamlines enterprise insurance company’s security & network monitoring operations.
Global medical devices company gains visibility and meets stringent compliance standards across global geos
Pharmaceutical organization significantly enhances threat detection and response times
Threat Alerts
Microsoft 365 Under Attack with Sophisticated AiTM Phishing Kits
Recently, a novel Adversary-in-the-Middle (AiTM) phishing kit named “Sneaky 2FA” emerged, targeting Microsoft 365 accounts through phishing-as-a-service (PhaaS) operations. Distributed by the “Sneaky Log” service on Telegram, this kit employs sophisticated methods to bypass multi-factor authentication (MFA), leveraging compromised infrastructure and customized phishing pages. Its rapid adoption by cybercriminals highlights the evolving threat landscape, where attackers increasingly seek advanced, cost-effective tools to conduct credential theft and Business Email Compromise (BEC) attacks.
The Sneaky 2FA phishing kit automates the harvesting of credentials and session cookies through phishing pages that mimic Microsoft login portals. Using URL parameters, these pages autofill victims’ email addresses, streamlining the attack process. Anti-bot measures like Cloudflare Turnstile and obfuscated HTML and JavaScript code help the pages evade security scans and analysis tools.
Once a victim interacts with the phishing page, the credentials and MFA details are forwarded to the attacker’s server, which authenticates directly against Microsoft 365 APIs. This process mimics legitimate user activity but introduces anomalies, such as inconsistent User-Agent strings across the same session, which can be leveraged for detection.
Operated via Telegram, Sneaky Log offers a subscription-based model, granting customers access to the phishing kit and support through automated bots. It integrates cryptocurrency-based payment systems with obfuscation techniques, complicating transaction tracking. By adopting methods from older phishing kits like W3LL OV6, Sneaky 2FA represents a blend of innovation and code reuse. Its moderate but growing adoption underscores the need for vigilant monitoring of AiTM phishing kits, as attackers exploit these tools to bypass MFA protections and compromise sensitive accounts.
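The detection hint in the alert above (a session created by a victim's MFA sign-in and then reused from the attacker's infrastructure with a different User-Agent and IP) can be checked with a small session-continuity rule. The code below is an added example, not CyberProof's or any vendor's detection logic; the events are constructed samples whose field names only approximate an Entra ID sign-in record.

```python
"""Detect AiTM session replay in Microsoft 365 sign-in telemetry.

A Sneaky 2FA-style kit relays the victim's password and MFA code to
Microsoft, then reuses the resulting session from its own infrastructure,
so one session is seen first with the victim's browser and IP, and shortly
afterwards with the attacker's.  Constructed sample events, not real logs.
"""
from collections import defaultdict

BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"

SAMPLE_EVENTS = [  # constructed; fields approximate an Entra ID sign-in record
    {"ts": "2025-01-20T09:00:00Z", "user": "alice@example.com", "session": "S1",
     "ip": "203.0.113.10", "ua": BROWSER_UA, "mfa": True},
    {"ts": "2025-01-20T09:00:40Z", "user": "alice@example.com", "session": "S1",
     "ip": "198.51.100.7", "ua": "python-requests/2.31", "mfa": False},
    {"ts": "2025-01-20T10:15:00Z", "user": "bob@example.com", "session": "S2",
     "ip": "203.0.113.22", "ua": BROWSER_UA, "mfa": True},
    {"ts": "2025-01-20T11:00:00Z", "user": "bob@example.com", "session": "S2",
     "ip": "203.0.113.22", "ua": BROWSER_UA, "mfa": False},
]

def find_session_anomalies(events):
    """Return [(user, session, reason)] for suspicious session reuse."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort lexically
        by_session[(e["user"], e["session"])].append(e)
    findings = []
    for (user, sess), evs in by_session.items():
        # The MFA-satisfied sign-in is the baseline the session should keep.
        origin = next((e for e in evs if e["mfa"]), None)
        if origin is None:
            continue
        for e in evs:
            if e is origin or e["mfa"]:
                continue
            reasons = []
            if e["ua"] != origin["ua"]:
                reasons.append("user-agent changed")
            if not e["ua"].startswith("Mozilla/"):
                reasons.append("non-browser user-agent")
            if e["ip"] != origin["ip"]:
                reasons.append("ip changed")
            if reasons:
                findings.append((user, sess, "; ".join(reasons)))
    return findings
```

Only Alice's session is flagged: its second use arrives from a different IP with a non-browser User-Agent, while Bob's session keeps the same browser and address throughout.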
A Sophisticated Campaign Targeting Management Interfaces on Fortinet FortiGate Products
A sophisticated cyber campaign has been detected, targeting Fortinet FortiGate firewall devices, posing a security threat. By exploiting vulnerabilities to access the firewalls’ management interfaces, the attackers were able to make unauthorized configuration changes and exfiltrate credentials, potentially leading to further intrusions and data breaches.
While the details of the vulnerability exploited in this campaign are not yet disclosed, the pattern of exploitation suggests the likelihood of an unknown zero-day vulnerability being abused.
The methodical nature of the campaign becomes apparent when it is separated into four phases. Initially, the attackers scanned for exploitable entry points, using jsconsole sessions from non-standard IP addresses to potentially leverage a zero-day vulnerability within a constricted timeframe.
Next, the attackers moved on to the reconnaissance phase, modifying configurations to solidify their presence. As the campaign advanced, the attackers methodically orchestrated SSL VPN configurations, creating new pathways into the network. This was achieved through both fabricated and compromised user accounts. In addition, they established VPN tunnels from IP addresses associated with VPS hosting providers, further entrenching their access and raising the stakes of the intrusion.
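The phases above leave three concrete traces in a FortiGate's own event log: console (jsconsole) admin logins from addresses outside the usual administrative range, creation of local user accounts, and SSL VPN tunnels from unexpected addresses. The scanner below is an added example (not Fortinet's or CyberProof's tooling): the log lines are constructed samples whose key="value" layout and field names (ui, srcip, cfgpath, cfgobj, remip) approximate FortiGate event logs, and the allowlisted networks are assumptions.

```python
"""Flag the FortiGate activity pattern described above: console (jsconsole)
admin logins from unexpected addresses, creation of local users that can
then be granted SSL VPN access, and SSL VPN tunnels from addresses outside
the ranges the organisation expects.  The log lines are constructed samples
whose key="value" layout and field names (ui, srcip, cfgpath, cfgobj, remip)
approximate FortiGate event logs; the allowlisted networks are assumptions.
"""
import ipaddress
import re

ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]             # assumed admin sources
EXPECTED_VPN_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # assumed user egress

SAMPLE_LOGS = """\
subtype="system" action="login" status="success" user="admin" ui="jsconsole" srcip="10.0.0.5"
subtype="system" action="login" status="success" user="admin" ui="jsconsole" srcip="198.51.100.9"
subtype="system" action="Add" user="admin" cfgpath="user.local" cfgobj="svc_backup" ui="jsconsole" srcip="198.51.100.9"
subtype="vpn" action="tunnel-up" tunneltype="ssl-web" user="svc_backup" remip="192.0.2.77"
subtype="vpn" action="tunnel-up" tunneltype="ssl-web" user="alice" remip="203.0.113.40"
""".splitlines()

KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Turn a FortiGate-style key="value" line into a dict."""
    return dict(KV_RE.findall(line))

def in_nets(ip, nets):
    return any(ipaddress.ip_address(ip) in net for net in nets)

def flag(line):
    """Return a finding for a suspicious line, or None."""
    e = parse(line)
    if (e.get("action") == "login" and e.get("ui", "").startswith("jsconsole")
            and not in_nets(e["srcip"], ADMIN_NETS)):
        return f"console admin login from unexpected IP {e['srcip']}"
    if e.get("action") == "Add" and e.get("cfgpath") == "user.local":
        return f"local user {e['cfgobj']} created by {e['user']} from {e['srcip']}"
    if e.get("action") == "tunnel-up" and not in_nets(e["remip"], EXPECTED_VPN_NETS):
        return f"SSL VPN tunnel for {e['user']} from unexpected IP {e['remip']}"
    return None

def scan(lines):
    """Run every line through flag() and keep the findings, in log order."""
    return [f for f in map(flag, lines) if f]
```

Read in order, the three findings reproduce the campaign's sequence: an out-of-range console login, a new local account created from that same address, and a VPN tunnel for that account from a non-corporate IP.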