Phishing Campaign Targets 200M Microsoft 365 Accounts

Published: 23/11/2024   Category: security




A well-organized email spoofing campaign has been seen targeting financial services, insurance, healthcare, manufacturing, utilities, and telecom.



Update 12/11/2020: This story has been updated to include Microsoft's statement regarding the attack.
A large-scale phishing campaign is targeting 200 million Microsoft 365 users around the world, particularly within the financial services, healthcare, insurance, manufacturing, utilities, and telecom sectors, Ironscales researchers report.
The attackers leverage a domain spoofing technique to create emails that appear to come from Microsoft Outlook ([email protected]). These emails attempt to use urgent language to trick people into using a new Microsoft 365 capability that lets account holders reclaim emails accidentally flagged as phishing or spam.
A link within the email promises to redirect readers to a security portal so they can review and act on so-called quarantine messages deemed suspicious by the Exchange Online Protection (EOP) filtering stack, researchers explain in a blog post. Victims who click the link will be asked to enter their Microsoft login credentials on a fake authentication page.
While impersonating the exact name and domain of a specific sender is technically more complex than other spoofing attacks, researchers warn this remains a common phishing tactic that even attentive security-savvy employees are likely to overlook if it arrives in their inbox.
"To the naked eye, the most suspicious element of this attack would be the sense of urgency to view the quarantined messages or the unusualness of receiving this type of email solicitation," researchers note.
Organizations keen to mitigate their risk for this type of attack are advised to ensure their defenses are configured for Domain-based Message Authentication, Reporting, and Conformance (DMARC), an email authentication protocol built to block exact domain spoofing. In its report, researchers say Microsoft is not currently enforcing the DMARC protocol, meaning domain spoofing messages are not being rejected by gateway controls.
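As an added illustration of the DMARC check described above (example code written for this page, not from Ironscales or Microsoft), the following evaluates whether a message whose From: header claims a protected domain would pass, be quarantined, or be rejected at the gateway. The DMARC record, the Authentication-Results header and every domain name are constructed placeholders, and the organizational-domain logic is simplified.

```python
# Constructed sample values (not Microsoft's real DMARC record, nor a real header).
DMARC_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"
# Gateway's Authentication-Results: SPF passes only for the attacker's own bounce domain, no DKIM.
AUTH_RESULTS = "mx.example.net; spf=pass smtp.mailfrom=bounce@attacker-example.test; dkim=none"

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, applying the RFC 7489 alignment defaults."""
    tags = {k.strip(): v.strip() for k, v in
            (p.split("=", 1) for p in txt.split(";") if "=" in p)}
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record")
    return {"adkim": "r", "aspf": "r", **tags}

def parse_auth_results(header):
    """Return {method: (result, authenticated domain)} from an Authentication-Results header."""
    results = {}
    for clause in header.split(";")[1:]:  # the first chunk is the authserv-id
        tokens = clause.split()
        if not tokens:
            continue
        method, result = tokens[0].split("=", 1)
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        domain = props.get("smtp.mailfrom") or props.get("header.d") or ""
        results[method] = (result, domain.rsplit("@", 1)[-1] or None)
    return results

def org_domain(domain):
    """Simplified organizational domain (last two labels); real code uses the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: strict needs an exact match, relaxed an org-domain match."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, from_domain, auth_results):
    """'pass' if SPF or DKIM passes AND aligns with the From: domain, else the policy disposition."""
    tags = parse_dmarc(record)
    res = parse_auth_results(auth_results)
    for method, mode in (("spf", tags["aspf"]), ("dkim", tags["adkim"])):
        result, domain = res.get(method, ("none", None))
        if result == "pass" and aligned(domain, from_domain, mode):
            return "pass"
    return tags["p"] if tags["p"] in ("reject", "quarantine") else "none"

# Exact-domain spoof of outlook.com: nothing aligns, so p=reject tells the gateway to refuse it.
print(dmarc_disposition(DMARC_RECORD, "outlook.com", AUTH_RESULTS))  # reject
```

With the same spoofed message but a record of `p=none`, the function returns "none": the spoof is reported but still delivered, which is the gap the report describes.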
In a statement, Microsoft says its platform has the capability to block these types of emails; however, it's up to customers to ensure they have the proper controls enabled.
"Contrary to claims in the third party report, Office 365 has rich in-built controls to block domain spoofing emails and enforces DMARC checks," a Microsoft spokesperson says. "We encourage all customers to make sure they have deployed the latest security controls in Office 365, enabled multi-factor authentication for Office 365, and train their end users to observe caution when clicking on links from unknown senders."
Microsoft 365 continues to be a popular target for cybercriminals, from attackers with little experience to advanced persistent threat (APT) groups following enterprise victims to the cloud. Some of these groups target businesses to steal information or gain additional access; some will target one corporation with the goal of eventually breaching another. Most of these advanced attackers seek long-term access that will let them dwell in an environment for years.
Some APT groups might acquire administrator credentials to breach a target Microsoft 365 environment; others might exploit flaws in how the platform validates configuration changes. Unskilled attackers might use business email compromise attacks to infiltrate a target organization's Microsoft account.
Campaigns like the one Ironscales detected underscore cybercriminals' ability to develop increasingly subtle attacks. Research released from Vectra in October found attackers are widely using Microsoft 365 accounts to move laterally to other users and accounts within a target organization to carry out command-and-control communications and other activities.
The Vectra study found lateral movement on 96% of Microsoft 365 customer accounts sampled. With 71% of the accounts, they noticed suspicious activity using Power Automate, a capability built into the platform, and 56% of accounts revealed similarly suspicious behavior using the eDiscovery tool in Microsoft 365.
