Cybercrime Has Gone Corporate – Here’s What You Need to Know
Cybercrime isn’t just a lone hacker in a dark room anymore. It’s now a full-blown business model called Cybercrime-as-a-Service (CaaS).
This global operation is autonomously stealing credentials from genuine logins to the Microsoft ecosystem, and these accounts are being indexed into this intelligence-gathering criminal service. NZ businesses are falling into the trap big time, and we are now being systematically targeted by this global operation.
What makes this scary? These attacks are stealthy. They often go unnoticed for days or even weeks, until it’s too late. Based on a very limited snapshot, we suspect thousands of NZ businesses are already compromised and just don’t know it yet.
We are currently working with experts to stay ahead of this rapidly evolving situation. Since being able to dissect an actual attack, we have already used this knowledge to catch several other compromises before they evolved into full attack mode.
The biggest risk right now is the sheer number of imminently compromised accounts here in NZ, which makes this scam exponentially more successful as the attackers gain access to more accounts.
These are your Friends, Family, Vendors, Subcontractors, Bosses, Employees – any number of people within your trusted circles (maybe more than 1 or 2 of them) who may already be compromised and may contact you via any number of means.
It will come in the form of a legitimate File Share from SharePoint, or perhaps a form from your insurance broker, but whatever it is, it will be something you are least likely to suspect as “out of the ordinary” for that person.
We share here what we know about this attack – to (a) raise awareness of this alarming new threat and (b) give people some basic tips to detect and minimise risks.
Anatomy of an Attack
Here’s what we’ve seen firsthand:
- Step 1: Credential Theft: Hackers grab your login details during normal sessions—without raising alarms.
- Step 2: Sold on the Dark Web: Your credentials can be sold multiple times to different criminal groups.
- Step 3: Silent Access: Attackers use the CaaS botnet (consisting largely of infected home computers worldwide) to log in quietly, gather intelligence and data from your organization, and learn about your business. Based on how quickly such a volume of data is exfiltrated, we suspect the intelligence gathering is AI-driven, with humans calling the shots on what to act on.
- Step 4: Fraud & Damage: Once they know your relationships, they strike—like sending fake invoices to redirect payments. Or they use any number of other attack vectors which the account has been profiled as being ‘susceptible’ to.
The worst part? Standard alerts don’t catch this because nothing obvious changes—no password resets, no permission tweaks.
By operating stealthily, they fly under the radar and maintain session access for longer. That preserves the value of their botnet, which they sell access to on the dark web in the same way you would subscribe to a service online.
Why This Matters
- MFA alone won’t save you: Hackers steal the token you approve and reuse it.
- One breach = many attacks: Financial fraud, ransomware, data theft—you name it.
- Local risk: NZ home networks are being used as part of global botnets.
What Can You Do?
You don’t need expensive Microsoft licences to start protecting yourself. Microsoft sign-in logs can help spot suspicious activity like:
- Logins from different countries within minutes.
- Impossible travel (Auckland then Texas in 5 minutes? Red flag).
- Sessions lasting unusually long or coming from strange locations.
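The impossible-travel check above can be run over exported sign-in records. The following is an added example, not code from the original article: the record layout (`user`, `time`, `city`, `lat`, `lon`), the sample rows and the 900 km/h threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed threshold: roughly airliner cruising speed
MIN_KM = 100   # assumed floor: ignore small jumps caused by geo-IP jitter

# Constructed sample sign-ins (not real data); field names are assumptions.
SIGNINS = [
    {"user": "alice@example.co.nz", "time": "2025-01-10T08:00:00Z", "city": "Auckland", "lat": -36.85, "lon": 174.76},
    {"user": "alice@example.co.nz", "time": "2025-01-10T08:05:00Z", "city": "Dallas", "lat": 32.78, "lon": -96.80},
    {"user": "bob@example.co.nz", "time": "2025-01-10T09:00:00Z", "city": "Auckland", "lat": -36.85, "lon": 174.76},
    {"user": "bob@example.co.nz", "time": "2025-01-10T12:00:00Z", "city": "Wellington", "lat": -41.29, "lon": 174.78},
]

def parse(ts):
    """Parse an ISO 8601 UTC timestamp such as 2025-01-10T08:00:00Z."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (user, from_city, to_city, km, minutes) for each consecutive
    pair of sign-ins that would require travelling faster than max_kmh."""
    by_user = defaultdict(list)
    for s in signins:
        by_user[s["user"]].append(s)
    alerts = []
    for user, events in by_user.items():
        events.sort(key=lambda s: parse(s["time"]))
        for prev, cur in zip(events, events[1:]):
            km = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            hours = (parse(cur["time"]) - parse(prev["time"])).total_seconds() / 3600
            # Simultaneous sign-ins from distant places count as infinite speed.
            kmh = km / hours if hours > 0 else float("inf")
            if km > min_km and kmh > max_kmh:
                alerts.append((user, prev["city"], cur["city"], round(km), round(hours * 60)))
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print("Impossible travel: %s %s -> %s (%d km in %d min)" % alert)
```

Geo-IP locations are approximate, and VPNs or mobile carriers produce false positives, so treat each hit as a lead to review rather than a confirmed compromise.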
Stronger Defenses
- Use Conditional Access policies to block risky locations and enforce secure devices.
- Disable old protocols like POP/IMAP.
- Consider moving toward passwordless authentication for the best protection.
Bottom Line
Cybercrime-as-a-Service is real, and it’s growing fast. One stolen login can lead to a cascade of attacks. Awareness and proactive steps are your best defense.
If you’re concerned about your business security or want to improve your resistance, reach out to a trusted Managed Service Provider (MSP) today. They can help you assess your risks and put stronger protections in place.
🔍 Think you’ve received a suspicious email? Use the official NZ Government Scam Check tool here:
https://www.ownyouronline.govt.nz/business/scam-check/email/

