Microsoft has obtained a court order this month allowing the company to seize control of six domains that were used in phishing operations against Office 365 customers, including in campaigns that leveraged COVID-19 lures.
According to court documents obtained by ZDNet, Microsoft has targeted a phishing group that has been attacking the company’s customers since December 2019.
The phishers operated by sending emails to companies that hosted email servers and enterprise infrastructure on Microsoft’s Office 365 cloud service.
The emails were spoofed to look like they came from fellow employees or a trusted business partner. This particular phishing operation was unique because attackers didn’t redirect users to phishing sites that mimicked the Office 365 login page.
Instead, hackers touted an Office document. When users tried to open the file, they were redirected to install a malicious third-party Office 365 app created by the hackers.
ith BEC attacks.
BEC stands for business email compromise and is a form of cybercrime. In a BEC scheme, threat actors send emails to companies, posing as employees, upper management, or trusted business partners, and ask victims to make business transactions that usually end up in the attacker’s bank accounts.
The goal of a BEC scam is to use hacked email accounts or insider knowledge to social engineer (trick) victims into modifying transaction details or making payments without following proper procedures.
BEC scams are, by far, today’s top cybercrime category. In February, the FBI said that BEC scams accounted for half of the cybercrime losses reported to the FBI Internet Crime Complaint Center (IC3) in 2019.
Per the FBI, companies lost $1.77 billion to BEC scams in 2019, with an average loss of $75,000 per report.
This case also marks the fourth time in the past year that Microsoft has filed a legal case to take control of malicious domains:
- March 2020 – Microsoft legal team seizes control over domains operated by the Necurs botnet.
- December 2019 – Microsoft takes down 50 domains operated by North Korean state-sponsored hackers.
- March 2019 – Microsoft takes control of 99 domains operated by Iranian government-backed hackers.
In addition, in April this year, Microsoft also bought the corp.com domain, for security reasons, so it wouldn’t fall into the wrong hands.