Microsoft has filed a civil suit before the U.S. District Court for the Eastern District of Virginia and taken down six domains that were used for fraudulent activity. The Microsoft Digital Crimes Unit (DCU) has been targeting these cybercriminals since December 2019. The hackers tried to exploit the COVID-19 crisis for phishing attacks and were active in 62 countries.
According to Microsoft, the attackers used a third-party Office 365 application to obtain all the access they needed to users’ accounts without having to collect their passwords – they were granted an OAuth2 token instead.
Some of these phishing attacks were successful for three reasons. First, the application was designed to look as if it had been created by Microsoft and was an official, safe-to-use application.
Second, the Office 365 environment is built around the modularity of third-party applications, either self-created or available in the Office 365 AppSource store, so users are accustomed to installing applications on a regular basis.
Third, the hackers used a clever technique in which the application’s installation link initially led users to Microsoft’s official login page. After successful authentication, however, the attackers redirected users to the malicious application, giving them the impression that they were using an application verified by Microsoft.
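The pattern described above is what defenders usually call consent phishing: the user authenticates to the genuine login page, then grants an application permissions, and the attacker walks away with a token rather than a password. The natural place to catch it is the tenant's record of application consent grants. The script below is an added example, not Microsoft's tooling or anything from the original report: it triages constructed consent events and flags the combination of signals this article points at (Microsoft-imitating app names, an unverified publisher, mail and offline_access scopes, and a reply URL that does not belong to the publisher's domain). The ConsentEvent layout and all sample values are constructed stand-ins for real audit-log entries.

```python
"""Triage of OAuth app consent grants for consent-phishing indicators.

Added example; not Microsoft's code. The ConsentEvent layout is a
constructed, simplified stand-in for an app-consent audit event.
"""
from dataclasses import dataclass
from urllib.parse import urlparse

# Delegated permissions that hand an app mailbox/file access or a
# long-lived refresh token; consent phishing typically asks for these.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.ReadWrite.All", "Contacts.Read", "offline_access",
}


@dataclass
class ConsentEvent:
    app_display_name: str      # name shown on the consent prompt
    publisher_verified: bool   # publisher identity verified by the platform
    publisher_domain: str      # domain the publisher claims
    reply_urls: list           # redirect URIs registered for the app
    scopes: list               # delegated permissions granted
    consented_by: str          # user who clicked "Accept"


def lookalike_name(name: str) -> bool:
    """True when the app name imitates Microsoft's first-party branding."""
    n = name.lower()
    return "microsoft" in n or "office 365" in n or "office365" in n


def foreign_reply_urls(ev: ConsentEvent) -> list:
    """Reply URLs whose host is neither the publisher domain nor a subdomain of it."""
    pub = ev.publisher_domain.lower()
    bad = []
    for url in ev.reply_urls:
        host = (urlparse(url).hostname or "").lower()
        if host != pub and not host.endswith("." + pub):
            bad.append(url)
    return bad


def triage(ev: ConsentEvent) -> dict:
    """Score one consent grant and return a verdict with the reasons behind it."""
    reasons = []
    risky = sorted(set(ev.scopes) & HIGH_RISK_SCOPES)
    if risky:
        reasons.append("high-risk scopes: " + ", ".join(risky))
    if not ev.publisher_verified:
        reasons.append("publisher not verified")
    if lookalike_name(ev.app_display_name):
        reasons.append("app name imitates Microsoft branding")
    bad = foreign_reply_urls(ev)
    if bad:
        reasons.append("reply URL outside publisher domain: " + ", ".join(bad))
    if len(reasons) >= 3:
        verdict = "revoke-and-investigate"
    elif reasons:
        verdict = "review"
    else:
        verdict = "ok"
    return {"app": ev.app_display_name, "user": ev.consented_by,
            "verdict": verdict, "reasons": reasons}


# Constructed sample events: one imitation app, one legitimate internal app.
SAMPLE_EVENTS = [
    ConsentEvent("Microsoft Office 365 Document Viewer", False,
                 "example-publisher.invalid",
                 ["https://login.attacker-example.invalid/callback"],
                 ["Mail.ReadWrite", "offline_access", "User.Read"],
                 "alice@contoso.example"),
    ConsentEvent("Contoso Expense Tracker", True, "contoso.example",
                 ["https://expenses.contoso.example/auth"],
                 ["User.Read"], "bob@contoso.example"),
]


def triage_all(events=SAMPLE_EVENTS) -> list:
    return [triage(e) for e in events]


if __name__ == "__main__":
    for result in triage_all():
        print(result)
```

Note that multi-factor authentication does not interrupt this flow: the victim genuinely completes MFA on the real login page before granting consent, so the grant itself, not the sign-in, is what needs reviewing and, where warranted, revoking.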
Microsoft filed the civil lawsuit on June 30 this year, targeting six domains on which the hackers hosted their malicious Office 365 applications. Microsoft believes at least two people are behind this phishing operation. The company found that the group’s first attacks used business-related topics, but quickly shifted to emails containing coronavirus-themed documents once COVID-19 became a global pandemic.
In a blog post, Tom Burt, Corporate Vice President, Customer Security & Trust at Microsoft, explained that the malicious third-party applications were used to gain insight into the victim’s infrastructure so that the attackers could then launch Business Email Compromise (BEC) attacks.
In a BEC attack, hackers email companies while claiming to be employees, officers, or trusted business partners, prompting victims to carry out business transactions whose proceeds typically end up in the attackers’ bank accounts.
The goal of a BEC scam is to use hacked email accounts or inside knowledge to get victims to change transaction details or make payments without following the correct procedures.
BEC scams are by far the most important category of cybercrime. In February, the FBI announced that BEC scams accounted for half of cybercrime losses.
According to the FBI, companies lost $1.77 billion in 2019 through BEC scams, with an average loss of $75,000 per report.
Microsoft advises companies to use multi-factor authentication to ward off BEC attacks and to learn about current phishing techniques.
This case marks the fourth time in the past year that Microsoft has initiated legal proceedings to take control of malicious domains:
March 2020 – The Microsoft legal team takes control of the domains operated by the Necurs botnet.
December 2019 – Microsoft topples 50 domains operated by North Korean government-sponsored hackers.
March 2019 – Microsoft takes control of 99 domains operated by hackers supported by the Iranian government.
In addition, Microsoft also bought the corp.com domain in April of this year for security reasons so that it does not fall into the wrong hands.