Hackers are targeting top executives to steal their work logins

Craig Hale

August 10, 2023 at 6:20 AM·2 min read

Analysts at cybersecurity firm Proofpoint have claimed high-level execs at some of the world’s leading companies are repeatedly targeted with credential-stealing attacks.

More alarmingly, according to the figures, around one-third (35%) of the compromised users observed over the past year had multi-factor authentication (MFA) enabled.

The attacks come amid a rise in cases of EvilProxy, a phishing tool based on a reverse proxy architecture, which Proofpoint says allows attackers to steal even MFA-protected credentials.

Account passwords are highly sought-after

Threat actors are now increasingly using Adversary-in-the-Middle (AitM) phishing kits (including the above-mentioned EvilProxy) to steal credentials and session cookies in real time.

> These are the best identity theft protection

> Beware - that email from HR could well be a phishing scam

> Watch out - that unexpected Microsoft alert could well be a phishing attack

The scale of the problem is only clear when Phishing-as-a-Service (PaaS) is unpacked. PaaS allows even technically challenged attackers to take part in credential-stealing activities.

In the three months leading up to June 2023, Proofpoint observed around 120,000 EvilProxy phishing emails being sent to hundreds of targeted organizations globally, with many targeting Microsoft 365 user accounts in particular.

Fortunately, an overview of the attacks has enabled Proofpoint to pinpoint some of the most common tactics when it comes to phishing attacks, including brand impersonation and cybersecurity scan blocking.

Another telltale sign of an attack could be that the attacker leads a victim down a multi-step path, via legitimate redirectors like YouTube, to the point where malicious cookies and 404 redirects execute an attack.

The firm recommends effective email monitoring with a strong business email compromise (BEC) prevention solution as well as other cloud and web security products. Regular cybersecurity training for staff is also an effective way to prevent mistakes by would-be victims, while those looking to take security even further can employ passwordless passkey authentication for eligible accounts.

Looking for a cybersecurity boost? How about using one of the best firewalls?

Yahoo Sports
Chiefs' Harrison Butker may be removed from kickoffs due to new NFL rules
Kansas City Chiefs special teams coach Dave Toub said kicker Harrison Butker may be removed from kickoffs. But not because of Butker's recent controversial remarks.
Yahoo Finance
Beware the retirement savings 'time bomb,' tax expert warns
Taxes are the "retirement time bomb," according to one tax expert. Here's what you can do now.
Yahoo Sports
White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras
Chicago White Sox outfielder Tommy Pham told reporters he's always prepared to fight after an on-field confrontation with Milwaukee Brewers catcher William Contreras.
Yahoo Sports
Top running backs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Aaron Judge finishes off torrid May by breaking a Babe Ruth and Lou Gehrig Yankees record
The Yankees slugger was struggling massively in April. He now leads MLB in home runs.
Yahoo Sports
Gable Steveson, Olympic gold medal winner and NCAA champion wrestler, signs with Bills
Olympic gold medal and two-time NCAA champion wrestler Gable Steveson has signed with the Buffalo Bills. He'll attempt to make the team as a defensive tackle.
Yahoo Finance
Ukraine’s best hope may be a faltering Russian economy
Sanctions are hurting Russia's economy more than President Vladimir Putin wants anybody to think. Keeping the pressure on might ultimately help Ukraine win.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
NASCAR: Austin Cindric wins at Gateway after Ryan Blaney's car slows on the final lap
Blaney appeared to run out of gas as he took the white flag.
Autoblog
Top 10 cars with drivers who get speeding tickets in 2024
The most recent study from Insurify lists the car models with drivers who have received the most speeding tickets so far in 2024.
Yahoo Finance
Warren Buffett's son Howard Buffett on his life as the potential next chairman of Berkshire Hathaway
Howard Buffett talks about life at Berkshire Hathaway and why he is donating hundreds of millions of dollars to Ukraine.
Yahoo Sports
Former 76ers player Drew Gordon, older brother of Nuggets starter Aaron Gordon, dies in car accident at 33
Drew Gordon played all over Europe after a college career at UCLA and New Mexico.
Yahoo Sports
Yankees' Juan Soto called out, Aaron Boone ejected on another bizarre infield fly interference play
Two runners have been called out for interference on an infield fly in the past week.
Yahoo Finance
Gen X is the 401(k) 'experiment generation.' Here's how that's playing out.
Nearly half of Gen Xers say their retirement savings are behind schedule, according to a new survey.
Yahoo Entertainment
How to watch ‘Below Deck Mediterranean’ Season 9: Where to stream the premiere, new cast list and more
It’s time for a new season of ‘Below Deck Mediterranean,’ but it won’t be all smooth sailing.
Yahoo Sports
Giants TE Darren Waller drops bizarre music video about recent divorce, complete with a fake Kelsey Plum
The video ends with the fake Plum stabbing Waller in the back.
Yahoo Sports
Trey Lance is close to 'being a master' of Cowboys offense, says coach Mike McCarthy
Dallas Cowboys coach Mike McCarthy praised quarterback Trey Lance, saying he's close to mastering the team's offense. Lance did not play last season.
Yahoo Sports
Charges against Scottie Scheffler dropped in police incident during PGA Championship
The World No. 1 is free of all charges stemming from a confrontation outside Valhalla Golf Club on May 17.
Yahoo Finance
Ford CEO on the future of EVs, Detroit, and his relationship with Tesla's Elon Musk
Ford CEO Jim Farley sits down for a new edition of Yahoo Finance's 'Opening Bid' podcast, sharing why the auto giant has spent $1 billion to rebuild a Detroit landmark, and why he remains bullish on EVs.
Yahoo Sports
Lashinda Demus will get her Olympic gold medal ... 12 years later
Demus will receive her gold medal at a ceremony at the foot of the Eiffel Tower during the 2024 Summer Olympics.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Hackers are targeting top executives to steal their work logins

Account passwords are highly sought-after

Recommended Stories

Chiefs' Harrison Butker may be removed from kickoffs due to new NFL rules

Beware the retirement savings 'time bomb,' tax expert warns

White Sox's Tommy Pham says he's always prepared to 'f*** somebody up' after confrontation with Brewers' William Contreras

Top running backs for 2024 fantasy football, according to our experts

Aaron Judge finishes off torrid May by breaking a Babe Ruth and Lou Gehrig Yankees record

Gable Steveson, Olympic gold medal winner and NCAA champion wrestler, signs with Bills

Ukraine’s best hope may be a faltering Russian economy

The Spin: Making a call on 5 slumping fantasy baseball stars

NASCAR: Austin Cindric wins at Gateway after Ryan Blaney's car slows on the final lap

Top 10 cars with drivers who get speeding tickets in 2024

Warren Buffett's son Howard Buffett on his life as the potential next chairman of Berkshire Hathaway

Former 76ers player Drew Gordon, older brother of Nuggets starter Aaron Gordon, dies in car accident at 33

Yankees' Juan Soto called out, Aaron Boone ejected on another bizarre infield fly interference play

Gen X is the 401(k) 'experiment generation.' Here's how that's playing out.

How to watch ‘Below Deck Mediterranean’ Season 9: Where to stream the premiere, new cast list and more

Giants TE Darren Waller drops bizarre music video about recent divorce, complete with a fake Kelsey Plum

Trey Lance is close to 'being a master' of Cowboys offense, says coach Mike McCarthy

Charges against Scottie Scheffler dropped in police incident during PGA Championship

Ford CEO on the future of EVs, Detroit, and his relationship with Tesla's Elon Musk

Lashinda Demus will get her Olympic gold medal ... 12 years later