Microsoft has sunk a massive Office 365 email hijacking campaign

Second major BEC campaign uncovered in as many months


Researchers at Microsoft 365 Defender have dismantled the cloud computing infrastructure that was used to orchestrate a large-scale business email compromise (BEC) campaign.

In a joint blog post, Stefan Sellmer, from the Microsoft 365 Defender Research Team, and Nick Carr, from the Microsoft Threat Intelligence Center (MSTIC), share details about the malicious cloud infrastructure that was spread across multiple web services.

The cybersecurity researchers shared that the campaign compromised mailboxes using phishing and forwarding rules, with the intention of getting their hands on emails about financial transactions.

“This investigation also demonstrates how cross-domain threat data, enriched with expert insights from analysts, drives protection against real-world threats, both in terms of detecting attacks through products like Microsoft Defender for Office 365, as well as taking down operations and infrastructures,” write the researchers.

This campaign comes on the heels of another similarly comprehensive, but poorly executed, BEC campaign that used over a hundred typo-squatted domains.

Stealth attacks

Microsoft’s analysis revealed that the attackers relied on a robust cloud infrastructure to automate their operations at scale.

The attackers also found a way around the use of multi-factor authentication (MFA) by exploiting legacy protocols such as POP3/IMAP, which the targets had forgotten to disable.
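The two weaknesses described above, mailbox forwarding rules and still-enabled legacy protocols, are both things an Exchange Online administrator can audit directly. The following script is an added example written for this article, not code from Microsoft's write-up; it assumes the ExchangeOnlineManagement module and an account with Exchange admin rights, and treats any forwarding target outside the tenant's accepted domains as external.

```powershell
# Added example: review forwarding rules and legacy-protocol exposure in Exchange Online.
Connect-ExchangeOnline

# Accepted domains of the tenant; forwarding targets outside them count as external (heuristic).
$internal = (Get-AcceptedDomain).DomainName

# 1. Inbox rules that forward or redirect mail. Rules that also delete or mark messages
#    as read are worth a closer look, since that hides the copies from the mailbox owner.
$mailboxes = Get-Mailbox -ResultSize Unlimited
$findings = foreach ($mbx in $mailboxes) {
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ } | ForEach-Object { "$_" }
        if ($targets.Count -eq 0) { continue }
        $external = $targets | Where-Object {
            $t = $_
            -not ($internal | Where-Object { $t -like "*@$_*" })
        }
        [pscustomobject]@{
            Mailbox  = $mbx.UserPrincipalName
            Rule     = $rule.Name
            Enabled  = $rule.Enabled
            Targets  = $targets -join '; '
            External = [bool]$external
            Hides    = [bool]($rule.DeleteMessage -or $rule.MarkAsRead)
        }
    }
}
$findings | Sort-Object External, Hides -Descending | Format-Table -AutoSize

# 2. Mailbox-level forwarding configured outside of inbox rules.
$mailboxes | Where-Object { $_.ForwardingSmtpAddress -or $_.ForwardingAddress } |
    Select-Object UserPrincipalName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

# 3. Mailboxes still reachable over POP3/IMAP, the protocols that sidestep MFA-aware sign-in.
$legacy = Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.PopEnabled -or $_.ImapEnabled }
$legacy | Select-Object Identity, PopEnabled, ImapEnabled

# Remediation, to run only after reviewing $legacy: switch both protocols off per mailbox.
# $legacy | ForEach-Object { Set-CASMailbox -Identity $_.Identity -PopEnabled $false -ImapEnabled $false }
```

Review the `External` and `Hides` columns first; a rule that forwards externally and deletes the original is the pattern to investigate before touching the protocol settings.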


Unraveling the attack vectors in this BEC attack, the researchers note that the campaign illustrates how stealthy email-based campaigns can be when they blend into legitimate traffic.

The researchers also used the opportunity to show some of the mechanisms built into Office 365, which help it defend users against such BEC campaigns, including the use of Artificial Intelligence (AI) to detect anomalous behavior.

They conclude by stressing the importance of a comprehensive defense strategy that covers both pre-breach and post-breach measures.

Via BleepingComputer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.