Tag:

social engineering

Barracuda spots 7 million device code phishing attacks

by Chief Editor April 24, 2026

written by Chief Editor

The Industrialization of Identity Theft: The PhaaS Evolution

The landscape of cybercrime is shifting from manual, targeted attacks to a highly scalable business model. The emergence of Phishing-as-a-Service (PhaaS) platforms, such as the EvilTokens kit, allows low-skill criminals to launch sophisticated campaigns that were once the sole domain of advanced threat actors.

This “industrialization” means that high-volume attacks are now easier to execute. For example, security firm Barracuda recently detected over 7 million device code phishing attacks within a single four-week window. By packaging complex exploits into ready-to-use kits sold on platforms like Telegram, the barrier to entry for attackers has vanished.

Did you recognize? Device code phishing is particularly dangerous since it doesn’t rely on fake login pages. Instead, it tricks users into using the legitimate Microsoft login portal, making it nearly invisible to traditional “spot the fake URL” training.

Beyond the Password: The Shift to Token Hijacking

For years, security training focused on preventing credential theft. However, we are seeing a strategic pivot toward hijacking trusted authentication flows. Instead of stealing a password, attackers are now targeting OAuth 2.0 access and refresh tokens.

View this post on Instagram about Microsoft, Phishing

From Instagram — related to Microsoft, Phishing

By abusing the device authorization flow—originally designed for devices with limited interfaces like printers or smart TVs—attackers can gain authorized access to Microsoft 365 and Entra ID environments. Once a victim enters a legitimate code on a real Microsoft page, the attacker receives the token directly.

This method provides three critical advantages for the attacker:

Stealth: No cloned websites are used, bypassing many email filters.
MFA Bypass: Because the victim authorizes the device themselves, multifactor authentication (MFA) and conditional access checks are often bypassed.
Persistence: Refresh tokens can grant attackers access for days or weeks, remaining effective even if the user changes their password.

The Next Frontier: Cross-Platform Expansion

While current surges heavily target Microsoft ecosystems, the trend is moving toward cross-platform versatility. The developers behind the EvilTokens kit have already indicated plans to extend their phishing capabilities to include Gmail and Okta phishing pages.

How fast is a BARRACUDA ATTACK? FREE CODE FRIDAY : DIGITAL CODES Magic Mike 7th son

This suggests a future where “identity-agnostic” phishing kits can pivot between different cloud providers depending on the target’s infrastructure. We are already seeing diverse threat actors—including Russian groups like Storm-237, UTA032, UTA0355, UNK_AcademicFlare, and TA2723, as well as the ShinyHunters data extortion group—leveraging these advanced techniques.

Pro Tip: To mitigate this risk, organizations should implement layered security controls, including advanced email filtering and continuous monitoring of identity protection mechanisms. Tighter controls around device authorization flows are essential to stop token abuse.

Redefining the Human Firewall

The rise of device code phishing renders traditional “look for the padlock” or “check the domain” advice obsolete. Since the final step of the attack happens on a genuine site (such as microsoft.com/devicelogin), the battle has shifted from technical detection to contextual awareness.

Future security training must move beyond identifying “fake” sites and instead teach users to question the reason for a request. If a user is asked to enter a verification code for a device they didn’t intentionally link, it should be treated as a critical red flag, regardless of how legitimate the website appears.

Attackers are increasingly tailoring their lures to specific roles. Recent campaigns have used PDFs, HTML, and DOCX files impersonating financial documents, payroll notices, or SharePoint shares to target employees in HR, finance, logistics, and sales.

Frequently Asked Questions

What is device code phishing?
It’s an attack that abuses the OAuth 2.0 device authorization flow. Attackers trick users into entering a legitimate device code on an official login page, which grants the attacker an access token to the user’s account.

Can MFA stop device code phishing?
Not necessarily. Because the victim is the one performing the authentication on a trusted device, they effectively “approve” the attacker’s session, potentially bypassing MFA and conditional access checks.

What is EvilTokens?
EvilTokens is a Phishing-as-a-Service (PhaaS) kit that automates device code phishing attacks, primarily targeting Microsoft 365 and Entra ID environments.

How do I protect my organization?
Implement layered security, use advanced email filtering, monitor for unusual identity patterns, and train staff to never enter device codes unless they initiated the request themselves.

Are you confident in your current identity protection strategy? Share your thoughts in the comments below or subscribe to our newsletter for the latest updates on evolving cyber threats.

April 24, 2026 0 comments

Tech

Microsoft Teams To Warn About Brand Impersonation Calls » TechWorm

by Chief Editor January 24, 2026

written by Chief Editor

Teams Gets Smarter: How Microsoft’s New Security Feature Signals the Future of VoIP Protection

Microsoft’s recent rollout of “Brand Impersonation Protection” in Teams isn’t just a feature update; it’s a bellwether for how we’ll defend against increasingly sophisticated voice-based scams. For years, email has been the primary battleground for phishing and social engineering. Now, attackers are pivoting to voice calls, exploiting the inherent trust we place in real-time conversation. This shift demands a new layer of security, and Microsoft is stepping up to the challenge.

The Rise of Voice-Based Social Engineering

Why the move to voice? It’s simpler and often bypasses existing security protocols. A convincing impersonation of a bank representative, for example, can be far more effective than a poorly-written email. According to the FBI, business email compromise (BEC) schemes are increasingly leveraging VoIP and video conferencing platforms – like Teams – to defraud businesses. The agency reported a staggering $2.7 billion in losses in 2022 alone.

The core of the problem lies in the ease of spoofing phone numbers. Attackers can mask their true identity, making it appear as though the call is originating from a legitimate source. Brand Impersonation Protection aims to disrupt this by analyzing call signals – technical data transmitted during a call – to identify patterns associated with fraudulent activity.

How Brand Impersonation Protection Works: A Deeper Dive

This isn’t about blocking all unknown callers. It’s about intelligent risk assessment. The system focuses on first-time external VoIP calls. When an unfamiliar number calls, Teams analyzes the call signals. These signals aren’t publicly detailed (to prevent attackers from circumventing the system), but likely include factors like call origination, routing patterns, and potential inconsistencies in caller ID information.

If a high risk is detected, users receive a prominent warning before answering. This is crucial. It gives the recipient a moment to pause and consider the call’s legitimacy. The warning can persist even after the call is answered if suspicious behavior continues, serving as a constant reminder to be vigilant. This proactive approach is a significant departure from reactive security measures.

Pro Tip: Even with this protection, always verify the caller’s identity independently. Hang up and call the organization back using a known, trusted number (found on their official website, not provided by the caller).

Beyond Teams: The Future of VoIP Security

Microsoft’s move is likely to trigger a wave of similar security enhancements across other VoIP platforms. Here’s what we can expect to see in the coming years:

AI-Powered Voice Authentication: Expect more sophisticated voice biometrics and AI-driven authentication methods to verify caller identity in real-time. This goes beyond simple password prompts.
Caller ID Verification Standards: Industry-wide adoption of standards like STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted information using toKENs) will become more widespread, helping to authenticate caller ID information.
Real-Time Threat Intelligence Feeds: VoIP providers will increasingly integrate with threat intelligence feeds to identify and block known scam numbers and patterns.
Behavioral Analysis: Systems will analyze call patterns and conversational cues to detect anomalies that might indicate a scam. For example, unusually aggressive questioning or requests for immediate action.
Integration with Security Information and Event Management (SIEM) Systems: VoIP security events will be integrated into broader SIEM systems, providing a holistic view of security threats.

Companies like Hiya and First Orion are already pioneering these technologies, offering caller ID and call blocking solutions that leverage AI and data analytics.

The Role of IT Departments: Preparation is Key

While Microsoft’s Brand Impersonation Protection is automatically enabled, IT departments have a critical role to play. Users will inevitably have questions and concerns when they encounter these warnings. Updating internal training materials and preparing helpdesk staff to address these inquiries is essential. A well-informed workforce is the first line of defense.

Did you know? Scammers often target employees with access to financial systems or sensitive data. Targeted training for these individuals is particularly important.

FAQ: Brand Impersonation Protection in Teams

Will this block legitimate calls? Rarely. The system is designed to flag high-risk calls, not block all unknown numbers.
Can I disable this feature? Currently, no. Microsoft is rolling this out as a default security measure.
What should I do if I receive a high-risk warning? Exercise caution. Verify the caller’s identity independently before sharing any information.
Is this protection foolproof? No security system is perfect. Scammers are constantly evolving their tactics. Staying vigilant is crucial.

Microsoft’s Brand Impersonation Protection is a significant step forward in the fight against voice-based scams. It’s a clear indication that the future of VoIP security will be proactive, intelligent, and focused on protecting users from increasingly sophisticated threats. Staying informed and prepared is the best defense.

Want to learn more about protecting your organization from cyber threats? Explore our other articles on cybersecurity best practices or subscribe to our newsletter for the latest updates.

January 24, 2026 0 comments

Tech

AI reshapes cyber threats as experts warn on automation

by Chief Editor December 12, 2025

written by Chief Editor

AI‑Powered Threat Hunting: Faster, Smarter, but Still Human‑Centric

Security teams are racing to embed artificial intelligence into their hunt‑for‑baddies pipelines. AI can crunch millions of logs in seconds, spot anomalous patterns, and flag suspicious behavior before a traditional signature‑based system ever notices.

Yet experts warn that full automation is a double‑edged sword. An AI‑driven system that automatically isolates a compromised laptop might sound perfect—until it mistakenly shuts down a SCADA controller feeding a power plant. The cost of an unwarranted outage can dwarf any data breach.

“Technology alone won’t define resilience. The best teams hunt for behavior and intent, not just alerts,” says Dave Spencer, Director of Technical Product Management at Immersive.

Real‑World Example: The 2023 SolarWinds Incident

When the SolarWinds supply‑chain attack was uncovered, analysts discovered that static signatures failed to catch the novel backdoor. It was only after manual investigation of unusual network traffic that the breach was confirmed. Today, AI‑enabled UEBA (User and Entity Behavior Analytics) tools aim to spot such “behavioral drift” automatically, but a human analyst still validates the final decision.

IT/OT Convergence: Legacy Systems Meet Smart Controls

Industrial networks are no longer isolated islands. Information‑technology (IT) and operational‑technology (OT) environments are merging, creating a blended attack surface that mixes office‑level phishing with plant‑floor sabotage.

Older PLCs and legacy SCADA components often lack built‑in security, making them attractive footholds for attackers who can pivot into newer, AI‑enabled control systems.

“Success will depend on disciplined change management, exhaustive testing, and efficient use of maintenance windows,” warns Sam Maesschalck, Lead OT Cyber Security Engineer at Immersive.

Case Study: Ukrainian Power Grid Outage (2022)

Threat actors leveraged compromised VPN credentials to infiltrate the grid’s IT network, then moved laterally into OT devices that still ran outdated firmware. The incident sparked tighter NIST guidelines for IT/OT security and accelerated adoption of standards like ISA/IEC 62443.

Extortion 2.0: Data as Fuel for AI Models

Ransomware gangs are already selling stolen credentials on underground forums. The next wave could see criminals offering clean, labeled datasets to AI startups desperate for training material.

Because large language models thrive on high‑quality data, extortionists may demand higher premiums for “AI‑ready” datasets, turning data theft into a commodity market.

“Threat actors may threaten to sell stolen data to AI companies hungry for new training material,” predicts Ben McCarthy, Lead Cyber Security Engineer at Immersive.

Recent Trend: AI‑Assisted Malware

Proof‑of‑concept tools now let a malicious script call an LLM API to generate polymorphic code on the fly. This capability enables malware that adapts its payload in real time, evading static detection.

AI‑Driven Deception: The Rise of Hyper‑Realistic Social Engineering

Deepfake videos, AI‑generated voice clones, and personalized phishing lures are moving from novelty to everyday weapon.

When an AI can synthesize a CEO’s voice with perfect cadence, the “business email compromise” playbook becomes dramatically more convincing.

“Organizations that rely solely on technology, processes, and policies will fail,” says John Blythe, Director of Cyber Psychology at Immersive.

Did you know?

Building True Resilience: People, Process, and Technology

Resilience isn’t a checkbox; it’s a proven capability. Companies must demonstrate that automated defenses, legacy controls, and human operators can all respond in sync under pressure.

Key steps include:

Running continuous red‑team exercises that blend AI‑based attack simulations with manual phishing drills.
Maintaining an up‑to‑date asset inventory that spans both IT and OT environments.
Adopting zero‑trust principles that enforce granular, context‑aware access across converged networks.

Pro tip

FAQ

Will AI replace security analysts? No. AI augments analysts by filtering noise, but final judgement still rests with humans.
How can legacy OT devices be protected? Use network segmentation, strict access controls, and overlay security gateways that inspect traffic without altering device firmware.
Are deepfake attacks common today? They’re rising fast. A 2023 study by the FBI showed a 300 % increase in deepfake‑related fraud cases within a year.
What regulations address IT/OT security? Standards like ISA/IEC 62443, NIST 800‑82, and emerging EU CSDR guidelines set baseline controls for converged environments.
How should organizations test AI‑driven defenses? Conduct “attack‑in‑the‑loop” drills where AI tools generate simulated threats that analysts must investigate.

Next Steps for Your Organization

Ready to future‑proof your security posture? Start by mapping every asset—old PLCs, cloud workloads, and employee laptops—then layer AI‑enhanced monitoring on top of a solid zero‑trust framework. Finally, run regular, realistic tabletop exercises that blend AI‑generated phishing with hands‑on incident response.

Have thoughts on AI‑driven cyber threats? Contact us, share your experiences in the comments below, and subscribe to our newsletter for the latest insights.

December 12, 2025 0 comments

Tech

Securing Machine Identities in the AI and Automation Era

by Chief Editor May 20, 2025

written by Chief Editor

The Evolution of Machine Identities in AI and Automation

In recent years, the rapid adoption of artificial intelligence (AI) and automation technologies has significantly transformed the landscape of identity security. As companies pivot towards AI-driven operations, the concept of machine identities has become intrinsic to cybersecurity defenses. Machine identities, unlike human identities, demand rigorous management from their emergence to retirement. These identities are critical in enabling secure machine-to-machine communication and API integration across vast networks.

Through real-life scenarios, such as a financial institution implementing AI for fraud detection, we witness the heightened need for robust identity systems. These systems confront dynamic threats, emphasizing the importance of access controls and lifecycle management to thwart unauthorized access.

Innovative Approaches in Identity and Access Management (IAM)

The rise of advanced IAM solutions, like those offered by platforms involving secrets management tools such as Conjur, demonstrates how technology has evolved to meet the needs of modern infrastructure. These tools integrate within DevSecOps pipelines, providing just-in-time access and eliminating the vulnerabilities associated with static, long-term credentials.

A study in 2024 by Gartner highlighted a 40% increase in organizations adopting secrets management tools, suggesting a pivot towards automating IAM processes to bolster cybersecurity frameworks effectively.

AI’s Role in Thwarting Identity-Based Threats

As cybercriminals deploy AI-powered agents to exploit identity systems, defenders must employ similar technologies. Optiv’s approach encapsulates this strategy through the integration of AI-powered detection and response mechanisms. Leveraging AI not only helps in predicting potential threats but also in designing proactive defense strategies.

For instance, AI-powered systems capable of real-time anomaly detection help quickly identify and neutralize identity-based threats, resulting in a fortified security environment. As per a report by Forrester, companies using AI-driven security systems saw a reduction of 30% in their incident response time in 2023.

Criticality of API and Cloud Security

As businesses migrate services to the cloud, securing API hooks becomes more crucial than ever. The integration of comprehensive machine identity management solutions, like those offered by CyberArk and Optiv, underscores this need by providing robust mechanisms for permissions, secret management, and machine identity lifecycle oversight.

Organizations adopting integrated PKI management systems experienced a 25% improvement in their security posture, according to data from Deloitte’s 2024 Global Cloud Security Survey.

Frequently Asked Questions

What are machine identities?

Machine identities refer to the digital identifiers used by machines and software applications to authenticate and communicate securely with each other over networks.

Why is machine identity management critical?

Proper management is essential to prevent unauthorized access and potential compromise of organizational assets, ensuring that only legitimate entities can access and communicate within a network.

How does AI enhance identity management?

AI aids in automating detection and response processes, identifying patterns indicative of identity-based attacks, and optimizing access controls.

Pro Tips for Enhanced Identity Security

Did you know? Integrating AI into cybersecurity tools can lead to a 40% reduction in response times compared to conventional methods.

We hope this exploration into AI, automation, and identity security provides you with valuable insights. For further reading, explore our article on addressing machine identity challenges. Join the conversation in the comments below, or subscribe to our newsletter for more expert insights!

This HTML content is crafted to provide a structured and engaging exploration into the themes of AI, automation, and machine identity security. By blending informative content with interactive elements and strategic links, this article is designed to engage readers while providing value through practical insights and data-driven observations.

May 20, 2025 0 comments