Large-Scale Phishing Attacks Targeting Microsoft Enterprise Email Services

Security researchers from ThreatLabz have uncovered a new strain of a large-scale phishing campaign using adversary-in-the-middle (AiTM) techniques along with several evasion tactics.

According to an advisory published by the company on Tuesday, similar AiTM phishing techniques were used in a separate phishing campaign described by Microsoft last month.

Now, ThreatLabz revealed that using intelligence gathered from the Zscaler cloud, it observed an increase in the use of advanced phishing kits in a large-scale campaign in June.

The security firm explained the new campaign stood out from “commonly seen” phishing attacks for a number of reasons.

Firstly, just like the campaign spotted by Microsoft, it used AiTM to bypass multi-factor authentication (MFA). Secondly, it used several evasion techniques across various stages of the attack designed to bypass typical email security and network security solutions.

In fact, based on the data analyzed by ThreatLabz, the company believes the campaign is specifically designed to reach end users in enterprises that use Microsoft’s email services. 

“Business email compromise (BEC) continues to be an ever-present threat to organizations and this campaign further highlights the need to protect against such attacks,” the advisory read.

According to ThreatLabz, all these phishing attacks begin with an email sent to the victim with a malicious link, and the campaign is active at the time of writing, with new phishing domains being registered almost every day by the threat actors.

“Based on our cloud data telemetry, the majority of the targeted organizations were in the fintech, lending, finance, insurance, accounting, energy and federal credit union industries,” ThreatLabz said.

Additionally, the firm said most of the targeted organizations were located in the United States, the United Kingdom, New Zealand and Australia.

To protect against these attacks, ThreatLabz said multi-factor authentication (MFA) should be used, but it should not be treated as a silver bullet.

“With the use of advanced phishing kits (AiTM) and clever evasion techniques, threat actors can bypass both traditional as well as advanced security solutions.”

As an extra precaution, ThreatLabz explained users should not open attachments or click on links in emails sent from untrusted or unknown sources. 

“As a best practice, in general, users should verify the URL in the address bar of the browser before entering any credentials.”
