Six domains used in COVID-19 phishing attacks seized
Through court order, Microsoft has obtained control of six domains that were used in phishing operations aimed toward Office 365 customers. These phishing operations used COVID-19 as a lure.
This two-person phishing operation has been targeting Microsoft’s customers since December 2019.
These hackers would send emails to companies that hosted email services and enterprise infrastructure using Microsoft’s Office 365 cloud service.
The emails that the duo sent were spoofed in order to look like they came from co-workers in their company, or a trusted business partner.
Those emails contained an Office file that, when opened, would redirect the user to install a malicious third-party Office 365 app that the hackers created.
If the app was installed, the hackers were granted full access to the victim’s Office 365 account, all account settings, and the user’s files. On top of that, the content of their emails, contact lists, and notes were also fully accessible.
By accessing the user’s accounts this way, the hackers did not need to collect the user’s passwords.
The app itself was made to look like it was created by Microsoft. It appeared to be an official and safe-to-use application.
These hackers used a clever trick that initially took users to the official Microsoft login page, then redirected them to the malicious app once the login authentication succeeded.
The six domains Microsoft seized that were used to host the malicious Office 365 apps are officeinventorys.com, officehnoc.com, officesuited.com, officemtr.com, officesuitesoft.com, and mailitdaemon.com.
Initially, the hackers used a business-related theme in their operations, but switched to a COVID-19 theme once the global pandemic became prevalent.
Tom Burt, Corporate Vice President of Customer Security & Trust at Microsoft, stated in a blog post that the malicious third-party apps were used to gain insights into victims’ inner structure in order for the attackers to follow up with BEC attacks.
Business Email Compromise (BEC) is a form of cybercrime that starts with the hackers posing as employees in the same company as the victims. The hackers then ask victims to make business transactions that usually end up in the attacker’s bank accounts.
As per the FBI, in 2019 companies lost $1.77 billion to BEC scams, with an average loss of $75,000 per report.
As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648
RHYNO Networks was designed to meet the needs of the IT marketplace. Specifically, to offer businesses skilled, timely IT services in order for them to focus on their business. We’re dedicated to the principles of Reliability, Innovation and Customer Service.