Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks

The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. This powerful new phishing kit, which KnowBe4 has named ‘Quantum Route Redirect’, was initially discovered in early August. Quantum Route Redirect comes with a pre-configured setup and phishing domains that significantly simplify a once technically complex campaign flow, further “democratising” phishing for less skilled cybercriminals. It is thought to primarily target Microsoft 365 users.

Removing Barriers to Entry

Quantum Route Redirect bundles several capabilities that remove technical barriers to running a sophisticated phishing campaign: it uses behavioural detection to distinguish automatically between human and automated traffic, and intelligent routing to sort visitors without manual intervention. It also provides a simplified analytics dashboard that presents comprehensive victim data – including location, device type and browser information – in an intuitive format. The platform also includes real-time monitoring that displays campaign performance and success metrics, so operators need no specialised technical expertise.

According to KnowBe4, the Phishing-as-a-Service (PhaaS) platform is capable of distinguishing between security tools and genuine users, directing the former to legitimate websites while sending the latter to the phishing version. This technique enables it to bypass URL scanners and certain web application firewalls. The platform also includes user-friendly features designed to support less technically skilled cybercriminals, such as a configuration panel for managing redirect rules, settings and routing logic; monitoring dashboards displaying traffic analytics; intelligent traffic routing to automatically sort visitors; and an analytics dashboard showing details such as victim location, device type and browser information.

To Carry Out An Attack

From the target’s perspective, these campaigns typically begin with a phishing email. Attackers usually cast a wide net using a range of themes and tactics designed to maximise victim engagement. These often include impersonation of services such as DocuSign and other agreement platforms, payroll-related scams, fake payment notifications, fraudulent “missed voicemail” messages, and QR code phishing (also known as quishing).

When the hyperlink is first activated, either by a security tool (bot) scanning it or by a person clicking on it, the request is intercepted by Quantum Route Redirect and sent for processing. The platform’s central routing engine then analyses all incoming traffic, using behavioural analysis to distinguish intelligently between bots and humans. Acting as both a classifier and router, the engine determines the appropriate destination for each request.

If the traffic is identified as originating from a bot, it is redirected to a safe URL, preventing access to the real phishing site. This protects the malicious infrastructure from exposure by security scanners and increases the likelihood that a genuine user will interact with the email, unless it is blocked by other detection mechanisms. Conversely, if the visitor is recognised as human, they are redirected to the actual phishing website, where attackers attempt to harvest Microsoft 365 credentials.
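The routing described above is a cloaking technique, and the defensive check it invites is to re-fetch a suspicious link under more than one client profile and compare where each lands. The following is an added example, not code from KnowBe4 or from the kit; the probe profiles, the redirector and landing hostnames, and the stub fetcher are all constructed assumptions.

```python
"""Conditional-redirect (cloaking) check: fetch the same link under several
client profiles and compare the final landing host for each one.
Added example, not KnowBe4's or the kit's code; profiles and hosts are assumed."""
import urllib.request
from urllib.parse import urlparse

# Client profiles a mail gateway could use when re-fetching a suspicious link.
# The kit keys on automation signals, so a bare crawler profile and a
# browser-like profile are the minimum pair worth comparing. (Assumed values.)
PROBE_PROFILES = {
    "scanner": {"User-Agent": "Mozilla/5.0 (compatible; LinkCheck/1.0)"},
    "browser": {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
                              "AppleWebKit/537.36 Chrome/120.0 Safari/537.36",
                "Accept-Language": "en-GB,en;q=0.9", "Accept": "text/html"},
}

def http_final_url(url, headers, timeout=10):
    """Live fetcher: follow redirects with urllib and return the final URL."""
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.geturl()

def landing_hosts(url, fetch_final_url, profiles=PROBE_PROFILES):
    """Resolve the redirect chain once per profile; return {profile: host}.
    fetch_final_url(url, headers) is injected so the check can run offline."""
    return {name: urlparse(fetch_final_url(url, headers)).hostname
            for name, headers in profiles.items()}

def is_cloaked(hosts):
    """Flag the link when different client profiles land on different hosts:
    that divergence is exactly the bot/human split the kit relies on."""
    return len(set(hosts.values())) > 1

# Constructed stub that mimics the behaviour the article describes: a decoy
# for anything that looks automated, the harvesting page for a browser-like
# client. The hostnames are placeholders, not real indicators.
def stub_fetch(url, headers):
    ua = headers.get("User-Agent", "")
    if "Chrome" in ua and "Accept-Language" in headers:
        return "https://credential-harvest.example/login"
    return "https://www.microsoft.com/"

if __name__ == "__main__":
    hosts = landing_hosts("https://redirector.example/r/abc", stub_fetch)
    print(hosts, "CLOAKED" if is_cloaked(hosts) else "consistent")
```

Replace `stub_fetch` with `http_final_url` to run the same comparison against a real link from a sandboxed host; a consistent result does not prove a link is safe, but a divergent one is a strong signal worth escalating.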

The Quantum Route Redirect system also provides administrative access for the cybercriminals operating these campaigns, featuring two streamlined management interfaces: a configuration panel for managing redirect rules, settings and routing logic, and a visitor statistics dashboard offering analytics such as traffic data to assess campaign performance.

Global Impact

This campaign has successfully compromised victims across 90 countries, demonstrating remarkable international reach. The US has borne the brunt of the attacks so far, accounting for 76% of affected users, while the remaining 24% are distributed worldwide, making the scope of this threat truly global.

What Should Organisations Do?

KnowBe4 advised security teams to implement a multi-layered defence strategy that incorporates a range of protective measures. These include using natural language processing (NLP) and natural language understanding to analyse email content, alongside URL and payload analysis, domain and impersonation detection, and polymorphic detection techniques. Sandboxing can be employed to inspect suspicious emails, while continuous monitoring helps identify potential account compromise. A human risk management (HRM) platform with advanced behavioural analytics, product telemetry and threat intelligence can generate individual risk scores, enabling personalised user training. In addition, email threat intelligence should be used to inform company-wide education initiatives, supported by rapid incident response procedures designed to isolate compromised users, block access and conduct digital forensics.

The post Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks appeared first on IT Security Guru.