A new phishing-as-a-service (PaaS) platform called “FlowerStorm” is targeting Microsoft 365 users. First seen in June 2024, FlowerStorm uses adversary-in-the-middle (AiTM) techniques to bypass multi-factor authentication (MFA): its phishing pages imitate the Microsoft 365 sign-in flow and relay the credentials and MFA responses the victim enters to the genuine service in real time, so the operator ends up with an authenticated session rather than just a password. The platform gained traction quickly after the collapse of its predecessor, Rockstar2FA, in November 2024.
Researchers have observed that FlowerStorm shares many of Rockstar2FA's evasion techniques and a similarly user-friendly operator interface. Approximately 63% of targeted organizations and 84% of targeted users are in the United States, with the service, manufacturing, retail, and financial sectors most affected.
To counter FlowerStorm, the researchers recommend phishing-resistant MFA such as FIDO2 security keys, which bind each sign-in to the origin of the genuine site so that a proxy on a look-alike domain cannot replay it; email filtering to stop the lures before they reach users; and DNS filtering to block suspicious domains. The rise of FlowerStorm underscores the ongoing threat from phishing-as-a-service platforms and the need for robust controls around Microsoft 365 accounts.
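The following is an added illustration, not code from this post or from the FlowerStorm kit, of why an AiTM proxy can relay a password plus one-time code but cannot relay a FIDO2/WebAuthn assertion. The relying party, the proxy domain (`login-microsoftonline.example`) and the victim secrets are constructed for the example, and an HMAC over a shared key stands in for the authenticator's ECDSA signature and the relying party's stored public key so that it runs with the standard library alone.

```python
"""
Added illustration (not FlowerStorm code, not from the original post): why an
adversary-in-the-middle (AiTM) proxy can relay a password and one-time code
but cannot relay a FIDO2/WebAuthn assertion.  The relying party (RP), the
proxy domain and the victim secrets are constructed; an HMAC over a shared
key stands in for the authenticator's ECDSA signature and the RP's stored
public key (an assumption that keeps the example dependency-free).
"""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.microsoftonline.com"       # genuine sign-in origin
PROXY_ORIGIN = "https://login-microsoftonline.example"  # hypothetical AiTM page
RP_ID = "login.microsoftonline.com"                     # WebAuthn relying party ID
AUTH_KEY = secrets.token_bytes(32)  # stand-in for the credential key pair (assumption)


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


# --- 1. Password + one-time code: both secrets are bearer tokens -------------
class OtpRelyingParty:
    def __init__(self, password: str, otp: str):
        self._password, self._otp = password, otp

    def login(self, password: str, otp: str) -> bool:
        # The RP cannot tell whether the code came from the victim's browser or
        # from a proxy that read it off the phishing page a moment earlier.
        return (hmac.compare_digest(password, self._password)
                and hmac.compare_digest(otp, self._otp))


def aitm_relay_otp_demo() -> bool:
    rp = OtpRelyingParty("hunter2", "482913")            # constructed victim secrets
    captured = {"password": "hunter2", "otp": "482913"}  # what the proxy page received
    return rp.login(captured["password"], captured["otp"])  # True: attacker gets a session


# --- 2. FIDO2/WebAuthn: the assertion is bound to the page's real origin ------
def rp_id_valid_for(origin: str, rp_id: str) -> bool:
    """Browser policy: rpId must be the origin's host or a registrable suffix of it."""
    host = urlparse(origin).hostname or ""
    return host == rp_id or host.endswith("." + rp_id)


def authenticator_get_assertion(challenge: bytes, browser_origin: str):
    # The browser, not the user, writes the origin of the page that called
    # navigator.credentials.get() into clientDataJSON; the phishing page cannot change it.
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": b64url(challenge), "origin": browser_origin},
        separators=(",", ":")).encode()
    # authenticatorData = rpIdHash || flags (UP set) || signCount
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + (0).to_bytes(4, "big")
    signed = auth_data + hashlib.sha256(client_data).digest()
    sig = hmac.new(AUTH_KEY, signed, hashlib.sha256).digest()  # ECDSA with the credential key in real life
    return client_data, auth_data, sig


def rp_verify(challenge: bytes, client_data: bytes, auth_data: bytes, sig: bytes):
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "bad type"
    if cd.get("challenge") != b64url(challenge):
        return False, "challenge mismatch"   # replay of an old assertion
    if cd.get("origin") != REAL_ORIGIN:
        return False, "origin mismatch"      # assertion was produced on another site
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    expected = hmac.new(AUTH_KEY, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return False, "bad signature"
    return True, "ok"


def fido2_login(browser_origin: str, browser_enforces_rp_id: bool = True):
    """One sign-in: the RP issues a fresh challenge, the AiTM proxy (if any) forwards
    it unchanged to the victim's browser, and the resulting assertion comes back."""
    challenge = secrets.token_bytes(32)
    if browser_enforces_rp_id and not rp_id_valid_for(browser_origin, RP_ID):
        return False, f"browser refused: rpId {RP_ID!r} not valid for {browser_origin!r}"
    cd, ad, sig = authenticator_get_assertion(challenge, browser_origin)
    return rp_verify(challenge, cd, ad, sig)  # the proxy cannot re-sign for a different origin


if __name__ == "__main__":
    print("password+OTP relayed through proxy:", aitm_relay_otp_demo())
    print("FIDO2 on real origin:", fido2_login(REAL_ORIGIN))
    print("FIDO2 on proxy origin:", fido2_login(PROXY_ORIGIN))
    print("FIDO2 on proxy, browser check skipped:", fido2_login(PROXY_ORIGIN, False))
```

The password-plus-code login succeeds when relayed because the relying party only sees two strings it cannot trace back to a browser. The FIDO2 flow fails twice over: a standards-compliant browser refuses to invoke the credential at all because the relying party ID does not match the proxy's host, and even a browser that did sign would embed the proxy's origin in `clientDataJSON`, which the relying party rejects before it looks at the signature. This is the property the recommendation above relies on, and it holds whether the proxy is FlowerStorm, Rockstar2FA or any other AiTM kit.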
#CyTech #cybernews #cybersecurity #ciso #cisoworkplace #Phishing #FlowerStorm #Microsoft