Intelligent CISO Issue 89 | Page 10

CISO news

Hackers use fake Microsoft apps to steal login details

Cybersecurity firm Proofpoint has issued a warning about a new and sophisticated phishing campaign that is actively targeting Microsoft 365 users. The attacks are bypassing a key security measure called multi-factor authentication (MFA) to steal sensitive login credentials.

Hackers are creating convincing, but fake, Microsoft applications that impersonate well-known companies like RingCentral, Adobe, and DocuSign. These malicious apps are then used as a lure in phishing emails. When a user clicks on a link, they are taken to what looks like a legitimate Microsoft sign-in page, designed to trick them into entering their username and password.
Even more worryingly, the criminals are using special software known as ‘attacker-in-the-middle’ (AiTM) kits, which can steal a user’s security token in real time. This allows them to bypass MFA, a defence that many organisations rely on to protect accounts.
Microsoft has released new updates to its 365 platform which are expected to make this type of attack more difficult. However, Proofpoint is urging organisations to be extra vigilant and to educate their employees on the dangers of this new threat. They also recommend using stronger security measures like FIDO-based security keys.
Proofpoint is based in California, but has a global presence with offices in multiple countries, including Australia, Canada, France, Germany, Ireland, Israel, Japan, Netherlands, Singapore, UAE, and the UK.

Infoblox 2025 DNS Threat Landscape Report reveals surge in AI-driven threats and malicious adtech

Infoblox, a leader in cloud networking and security services, has released its 2025 DNS Threat Landscape Report, revealing a dramatic surge in DNS-based cyberthreats and the growing sophistication of adversaries leveraging AI-enabled deepfakes, malicious adtech and evasive domain tactics.

Based on pre-attack telemetry and real-time analysis of DNS queries from thousands of customer environments with over 70 billion DNS queries per day, the report offers a comprehensive view into how threat actors exploit DNS to deceive users, evade detection and hijack trust.
Top findings
• Daily detection of DNS tunneling, exfiltration and command and control, including Cobalt Strike, Sliver, and custom tools, which require ML algorithms to detect
• 100.8 million newly observed domains in the past year, with 25.1% classified as malicious or suspicious
• 95% of threat-related domains were observed in only one customer environment, underscoring the challenges to the security industry to detect and stop threats
• 82% of customer environments queried domains associated with malicious adtech, which rotate a massive number of domains to evade security tools and serve malicious content
• Nearly 500k traffic distribution system (TDS) domains were seen in the last 12 months within Infoblox networks

“This year’s findings highlight the many ways in which threat actors are taking advantage of DNS to operate their campaigns, both in terms of registering large volumes of domain names and also leveraging DNS misconfigurations to hijack existing domains and impersonate major brands,” said Dr. Renée Burton, head of Infoblox Threat Intel. “The report exposes the widespread use of traffic distribution systems (TDS) to help disguise these crimes, among other trends security teams must look out for to stay ahead of attackers.”