FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users (thehill.com) 10
alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.
"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.
"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.
Re:Damn (Score:5, Funny)
They'd run it again today anyway.
Re: (Score:2, Funny)
Looks like LLM-assisted attacks become noticeable (Score:3)
Well, time to fix all that crappy software. Or else.
Re: (Score:2)
They can't. They laid off all the engineers once they got the A.I.
But that previous quarter's numbers were so impressive...
Re:Looks like LLM-assisted attacks become noticeab (Score:4, Funny)
maybe they can pass a law banning AI use for illegal purposes... or atleast for kids under 16
Re:Looks like LLM-assisted attacks become noticeab (Score:4, Insightful)
They can't. They laid off all the engineers once they got the A.I.
This raises an interesting question. We've seen situations where AI will behave in unpredictable ways to keep itself on track to complete whatever task it has been given. How long do you suppose it will be before some AI system is being used by developers on one hand, and hackers / crackers on the other, and it will intentionally leave in holes on the development side that it's cracker side can then exploit?
I love that software is finally catching up with the real world. Now we can have virtual scams built on top of a world that's essentially scams from top to bottom.
Re: (Score:2)
Not yet. This would require some level of AI "agent" collaboration that is not really possible at this time without breaking basically everything. But model poisoning is already very feasible and probably done in practice, especially as the amount of poisoned training data needed does not seem to be large.
Is Kali365 derived from Kali Linux? (Score:2)
Fast-acting scam targeting Microsoft 365 users on (Score:3)