Cyber Crime As A Service

As you can get efficiencies by operating a subscription delivery model, even cyber criminals have started to employ this idea. There are nation state backed cyber criminals which operate with impunity on the one condition, they don’t deploy their software on home soil. So we can have people with little to no coding experience launching cyber attacks through this method. All you need is an internet connection, and then you just have to contact the telegram group, pay the license fee, then they will give you a license key, and you are set, ready to go.

Phishing Attacks

A phishing attack is a targeted email, trying to encourage you to click on a link. These can be very sophisticated and appear to be a legitimate email from one of your contacts. Generally these emails are getting more and more refined by appearing to masquerade as a normal email you may receive from one of your contacts. Think about all of the emails you get that you need to click a link. Do you really need to click that link?

Getting around MFA/2FA

Now although multi-factor authentication is pretty much standard these days, cyber criminals have worked they way around it. If the account is protected by MFA, Greatness will prompt the victim to provide the code, whilst triggering a request on the real Microsoft service, so the one time code is sent to the targets device. Once the MFA code is provided, Greatness will authenticate as the victim on the real Microsoft platform and send the authenticated session cookie to the affiliate via the Telegram channel or the services web portal.