Microsoft has sunk a massive Office 365 email hijacking campaign


Researchers at Microsoft 365 Defender have dismantled the cloud computing infrastructure that was used to orchestrate a large-scale business email compromise (BEC) campaign.

In a joint blog post, Stefan Sellmer, from the Microsoft 365 Defender Research Team, and Nick Carr, from the Microsoft Threat Intelligence Center (MSTIC), share details about the malicious cloud infrastructure, which was spread across multiple web services.

The cybersecurity researchers shared that the campaign compromised mailboxes using phishing and forwarding rules, with the intention of getting their hands on emails about financial transactions.

“This investigation also demonstrates how cross-domain threat data, enriched with expert insights from analysts, drives protection against real-world threats, both in terms of detecting attacks through products like Microsoft Defender for Office 365, as well as taking down operations and infrastructures,” write the researchers.

This campaign comes on the heels of another similarly comprehensive but poorly executed BEC campaign that used over a hundred typo-squatted domains.

Stealth attacks

Microsoft’s analysis revealed that the attackers relied on a robust cloud infrastructure to automate their operations at scale. 

The attackers also found a way around the use of multi-factor authentication (MFA) by exploiting legacy protocols such as POP3/IMAP, which the targets had forgotten to disable.
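A defender's triage for the two behaviours this article describes, successful POP3/IMAP sign-ins and mailbox rules that forward outside the organisation, as an added example that is not from Microsoft's report or the original article. The record layout, field names, domains and addresses are constructed assumptions; real sign-in and inbox-rule exports need mapping to this shape.

```python
from collections import defaultdict

# POP3/IMAP are the protocols the article names; "POP3"/"IMAP4" are the
# labels assumed here for the client-app field of a sign-in log export.
LEGACY_CLIENTS = {"POP3", "IMAP4"}
TENANT_DOMAINS = {"contoso.example"}  # constructed: domains the org owns

# Constructed sample records; errorCode 0 means the sign-in succeeded.
SIGN_INS = [
    {"userPrincipalName": "ap@contoso.example", "clientAppUsed": "IMAP4", "errorCode": 0, "ipAddress": "203.0.113.50"},
    {"userPrincipalName": "ap@contoso.example", "clientAppUsed": "Browser", "errorCode": 0, "ipAddress": "198.51.100.7"},
    {"userPrincipalName": "hr@contoso.example", "clientAppUsed": "POP3", "errorCode": 50126, "ipAddress": "203.0.113.50"},
    {"userPrincipalName": "cfo@contoso.example", "clientAppUsed": "POP3", "errorCode": 0, "ipAddress": "203.0.113.51"},
]
# Constructed inbox-rule export: one row per rule with its forward targets.
INBOX_RULES = [
    {"mailbox": "ap@contoso.example", "name": "r1", "forwardTo": ["collector@mail.example"]},
    {"mailbox": "ops@contoso.example", "name": "archive", "forwardTo": ["archive@contoso.example"]},
    {"mailbox": "ops@contoso.example", "name": "backup", "forwardTo": ["ops-backup@partner.example"]},
]

def legacy_successes(sign_ins):
    """Map user -> source IPs of successful POP3/IMAP sign-ins (no MFA prompt possible)."""
    hits = defaultdict(set)
    for e in sign_ins:
        if e["clientAppUsed"] in LEGACY_CLIENTS and e["errorCode"] == 0:
            hits[e["userPrincipalName"].lower()].add(e["ipAddress"])
    return dict(hits)

def external_forwards(rules, tenant_domains):
    """Map mailbox -> addresses outside the tenant that its rules forward to."""
    hits = defaultdict(set)
    for r in rules:
        for addr in r["forwardTo"]:
            if addr.rsplit("@", 1)[-1].lower() not in tenant_domains:
                hits[r["mailbox"].lower()].add(addr.lower())
    return dict(hits)

def triage(sign_ins, rules, tenant_domains):
    """Rank mailboxes for review: both signals (score 2) before a single signal (score 1)."""
    legacy = legacy_successes(sign_ins)
    fwd = external_forwards(rules, tenant_domains)
    rows = [((u in legacy) + (u in fwd), u, sorted(legacy.get(u, ())), sorted(fwd.get(u, ())))
            for u in set(legacy) | set(fwd)]
    return sorted(rows, key=lambda r: (-r[0], r[1]))

if __name__ == "__main__":
    for row in triage(SIGN_INS, INBOX_RULES, TENANT_DOMAINS):
        print(row)
```

Any mailbox that appears with a successful legacy-protocol sign-in is also a candidate for having POP3/IMAP disabled, whether or not a forwarding rule is present.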

Unraveling the attack vectors in this BEC attack, the researchers note that the campaign goes to show the stealthy nature of email-based campaigns that blend into legitimate traffic.

The researchers also used the opportunity to show some of the mechanisms built into Office 365, which help it defend users against such BEC campaigns, including the use of Artificial Intelligence (AI) to detect anomalous behavior.

They conclude by stressing the importance of framing a comprehensive defense strategy, which includes both pre-breach and post-breach steps of action.

Via BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/3wySrV6