Hackers' Favourite Brand to Impersonate in 36.6% of Phishing Attacks
This brand is among the most reputed organizations in the IT world, which has also made them the biggest candidate for #impersonation. An article by investing.com stated that 70% of organizations/businesses worldwide use this brand for their cloud services, making it the most targeted platform for hackers. In 2021 alone, 36.6% of phishing attacks were carried out by impersonating the product pages of this company, as reported by the Indian Express.
The brand, Microsoft, is the most targeted brand for impersonation with over 11,000 phishing URLs/websites. Phishers aim to steal valuable data from Microsoft 365 applications due to their popularity among SMBs and enterprises.
Are you able to point out the mistakes or indicators of phishing in the above snap of email?
Major Cyber Attacks Led by Microsoft Impersonation
Microsoft Partner Accounts Employed for OAuth Application
Recently, there was a "consent phishing campaign" that tricked Microsoft into verifying #fake #Zoom accounts. The attackers used fake partner accounts to add a verified publisher to their OAuth app registrations on Azure AD. The attack began on December 6, 2022, and involved #malicious OAuth apps posing as "Single Sign-on (SSO)" and "Meeting." These apps were used in a #phishingcampaign to steal emails from targeted companies.
The attack was successful in bypassing Microsoft's security measures and could have resulted in #compromised user accounts, data exfiltration, and #BEC fraud. This attack highlights how sophisticated modern threat actors have become and how OAuth apps can be misused to target cloud services.
Do you find the identification of impersonation in the above image difficult too?
This is not the first time such attacks have been documented, as previous incidents were reported in January and September 2022. Microsoft responded by disabling fake Microsoft Partner Network (MPN) accounts used to create malicious OAuth applications.
Microsoft Bing’s Search Engine Source Code Compromised
Last year in March 2022, the Lapsus$ cybercriminal group claimed to have dumped extensive source code from Microsoft's Bing search engine, Bing Maps, and Cortana. Screenshots were also posted that seem to show Lapsus$ in control of an Okta administrative or "super user" account.
#Lapsus$, a notorious #hackersgroup, launched a massive #phishingcampaign targeting Microsoft's employees. This is particularly alarming because Microsoft uses #Okta, a widely used identity management platform that many large organizations rely on for secure logins. In the past, similar attacks have occurred when hackers gained access to administrative or support accounts with the ability to modify customer accounts.
To make matters worse, Lapsus$ also claimed responsibility for publishing extensive source code from Microsoft's Bing search engine, Bing Maps, and Cortana virtual assistant software on their Telegram channel. They even shared screenshots that appear to show that they had control of an Okta administrative or "super user" account on January 21st.
Lapsus$ has also been accused of stealing #sourcecode and #confidential #data from other well-known organizations, including #Nvidia, #Samsung, and #Ubisoft, and leaking it as a form of #extortion. These incidents highlight the need for strong #security #measures to protect against hacking groups like Lapsus$ and the importance of ensuring that all employees are properly trained on how to identify and prevent phishing attacks.
Check out a blog on Impersonation Attacks Led By Email Phishing and Spoofing
Microsoft Teams Impersonation Attack
The COVID-19 #pandemic has led to an increase in the usage of Microsoft Teams, making it a popular target for cyber attackers. During those times, attackers attempted to steal login credentials for Office 365 by impersonating #MicrosoftTeams in a #credentialphishing attack. The attackers used phishing emails that pretended to be "automated notification emails" from Microsoft Teams to lure unsuspecting victims.
Cyber attackers are using landing pages that are nearly indistinguishable from legitimate Microsoft Teams web pages. The attackers copy imagery from actual notifications and emails to make the attack difficult to detect. To bypass #malicious link detection mechanisms employed by legacy email protection services, attackers use multiple URL redirects. When a user clicks on a link, an image prompts them to log in to Microsoft Teams.
However, the image redirects the user to a compromised page that impersonates the Microsoft Office login page. This deceptive technique requires users to exercise caution when clicking on links or providing sensitive information, especially if the request seems unusual or unexpected.
Staying cautious and #vigilant is crucial in protecting oneself against such attacks, particularly when it comes to clicking on links or downloading attachments from unfamiliar sources.
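The redirect-chain and look-alike login page described above can be checked mechanically once a mail gateway or sandbox has recorded the hops. The following is an added example, not part of the original article: the domain list, the brand tokens, the hop threshold and the sample chains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Domains Microsoft serves sign-in and Teams from (short list; extend for your tenant).
MS_DOMAINS = ("microsoft.com", "microsoftonline.com", "live.com", "office.com")
BRAND_TOKENS = ("microsoft", "office365", "teams", "outlook")
MAX_HOPS = 3  # assumed threshold: redirects tolerated before the chain is suspicious


def host_of(url):
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def is_ms_host(host):
    # Suffix match on a label boundary, so "microsoft.com.evil.test" does not pass.
    return any(host == d or host.endswith("." + d) for d in MS_DOMAINS)


def assess_chain(chain):
    """chain: URLs in the order visited, starting with the link in the email."""
    findings = []
    final_host = host_of(chain[-1])
    final = urlsplit(chain[-1])
    if len(chain) - 1 >= MAX_HOPS:
        findings.append("long-redirect-chain")
    if not is_ms_host(final_host):
        # Brand words in a host Microsoft does not own: the look-alike landing page.
        if any(tok in final_host for tok in BRAND_TOKENS):
            findings.append("brand-lookalike-host")
        if any(k in final.path.lower() for k in ("login", "signin", "oauth2")):
            findings.append("sign-in-page-off-microsoft")
    if final.scheme != "https":
        findings.append("final-hop-not-https")
    return findings


# Constructed sample chains (reserved .test/.example names, not real indicators).
PHISH_CHAIN = [
    "https://news.mailer.example/click?id=1",
    "https://short.example/r/abc",
    "https://cdn.tracker.example/out?u=x",
    "https://login.microsoftonline.com.teams-notify.test/common/oauth2/login",
]
LEGIT_CHAIN = [
    "https://teams.microsoft.com/l/message/19:abc",
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
]

if __name__ == "__main__":
    for name, chain in (("phish", PHISH_CHAIN), ("legit", LEGIT_CHAIN)):
        print(name, assess_chain(chain))
```

The suffix check in `is_ms_host` is the part that matters: a substring test for "microsoftonline.com" would accept the constructed phishing host.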
Check out a blog on What is Spear Phishing Attack and How Can It be Prevented?
Microsoft 365 Users Fell Victim to Business Email Compromise (BEC)
A phishing campaign has targeted over 10,000 organizations' Office 365 users since September 2021. Despite the multi-factor authentication (MFA) set up to safeguard these accounts, the campaign has been successful.
Cyber attackers are using proxy servers and phishing websites to acquire users' #passwords and session cookies. Their objective is to gain access to finance-related emails and take control of ongoing email threads, ultimately enabling them to execute payment fraud and BEC campaigns against other targets. The attackers have demonstrated a high level of sophistication, with Microsoft researchers identifying the techniques used to bypass #MFA and access sensitive information.
The attackers in this phishing campaign use a fake Azure AD sign-in page to steal login credentials and perform payment fraud. They bypass MFA with the Evilginx2 phishing kit. To strengthen MFA against phishing attacks, organizations should adopt solutions supporting FIDO v2.0 and certificate-based authentication.
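Because the stolen session cookie already carries the completed MFA claim, one detection angle is to look for the same session being used from a different network and client shortly after sign-in. The following is an added example, not part of the original article: the record fields, the one-hour window and the sample events are assumptions, not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # assumed: the cookie is replayed soon after the phished sign-in

# Constructed records: (time, user, session id, source IP, user agent, action).
EVENTS = [
    ("2021-09-14T09:00:05", "ap@corp.example", "s-1001", "198.51.100.7", "Chrome/Windows", "signin+mfa"),
    ("2021-09-14T09:04:40", "ap@corp.example", "s-1001", "203.0.113.50", "Firefox/Linux", "mail.read"),
    ("2021-09-14T09:06:10", "ap@corp.example", "s-1001", "203.0.113.50", "Firefox/Linux", "mail.reply"),
    ("2021-09-14T10:00:00", "hr@corp.example", "s-2002", "192.0.2.10", "Safari/iOS", "signin+mfa"),
    # Same device roaming to another network: IP changes, client does not.
    ("2021-09-14T10:20:00", "hr@corp.example", "s-2002", "192.0.2.99", "Safari/iOS", "mail.read"),
]


def find_replayed_sessions(events):
    """Flag sessions reused from a new IP and a new client within WINDOW of sign-in."""
    by_sid = defaultdict(list)
    for ts, user, sid, ip, ua, action in events:
        by_sid[sid].append((datetime.fromisoformat(ts), user, ip, ua, action))
    alerts = []
    for sid, rows in by_sid.items():
        rows.sort()
        signin = next((r for r in rows if r[4] == "signin+mfa"), None)
        if signin is None:
            continue  # no interactive sign-in seen for this session; nothing to compare
        t0, user, ip0, ua0, _ = signin
        for t, _, ip, ua, action in rows:
            # Same cookie, different network AND different client: the session is
            # being used by something other than the client that signed in.
            if t0 < t <= t0 + WINDOW and ip != ip0 and ua != ua0:
                alerts.append({
                    "sid": sid, "user": user, "signin_ip": ip0, "replay_ip": ip,
                    "delay_s": int((t - t0).total_seconds()), "action": action,
                })
                break  # one alert per session is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(EVENTS):
        print(alert)
```

With a proxy in the middle, the sign-in itself reaches the identity provider from the proxy's address, so comparing the sign-in IP with the user's usual locations is a useful complementary signal.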
Check out a blog on How Effective Security Awareness Training Really Is?
Microsoft is a Tech Giant, Is Your Cybersecurity Too?
Gartner recently published an article citing that 50% of CISOs want their cybersecurity to be human-centric. The rising number of social engineering attacks is notable evidence, as every year IBM’s security breach report is filled with statistics on attacks such as smishing, WhatsApp phishing and ransomware led by phishing, with alarming percentages. The Cyberthreat Defense Report also cited that low security awareness among employees is the biggest perpetrator of these impersonation attacks. CISOs are concerned about these factors and are shifting their focus to employee security. Are you confident about your employees' abilities to defend against email impersonation and phishing attacks? Check out more about security awareness training and its effectiveness among employees.