A U.S. court order has allowed Microsoft to seize control of key domains controlled by fraudsters to halt criminal activity after an increase in scams targeting users of Office 365.
The U.S. District Court for the Eastern District of Virginia this week unsealed documents detailing a cat-and-mouse chase between Microsoft and a group of alleged state-sponsored fraudsters.
Originally observed by Microsoft’s Digital Crimes Unit (DCU) in December 2019, the group recently renewed its phishing techniques, switching from corporate-themed lures to scams exploiting COVID-19 fears.
The civil case against the hackers produced a court order allowing the Windows maker to seize control of key criminal infrastructure. According to the announcement, the campaign appears to be state sponsored and targets business leaders with classic phishing and business email compromise (BEC) techniques.
“This malicious activity is yet another form of business email compromise (BEC) attack, which has increased in complexity, sophistication and frequency in recent years,” Microsoft says in a blog post.
But unlike the average phishing/BEC scam, in which attackers try to siphon credentials from the victim, this scheme does not steal a password at all: it tricks the victim into handing an attacker-controlled application direct access to their Office 365 account.
“Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application (web app),” Microsoft explains.
“Unknown to the victim, these malicious web apps were controlled by the criminals, who, with fraudulently obtained permission, could access the victim’s Microsoft Office 365 account,” the company says.
If successful, the attacker gained instant access to the victim’s email, contacts, notes and any content in the victim’s OneDrive for Business cloud storage and corporate SharePoint document management and storage system.
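The access described above comes from a permission grant, so it is the consent grant itself that a defender should be looking for in tenant audit data. The following is an added example, not code from Microsoft or Bitdefender: it triages constructed consent-grant records, flags apps that were granted the mailbox, contacts, notes and file scopes the article names, and ranks them by warning signs such as an unverified publisher and user-level (rather than admin-reviewed) consent. The `ConsentEvent` record shape, the `SENSITIVE_SCOPES` list and every sample value are assumptions for illustration, not the real Azure AD audit log schema.

```python
"""Triage OAuth consent grants for the access pattern described in the
article: an app, not a stolen password, is what gives the attacker mail,
contacts, notes and OneDrive/SharePoint file access.

The record shape and sample values below are constructed for this example;
they are not the real Azure AD audit-log schema. Map your tenant's export
(e.g. "Consent to application" audit entries) onto ConsentEvent first.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Delegated scopes that expose the data the article names. Names follow the
# Microsoft Graph convention; treat the set itself as an assumption to align
# with your own policy.
SENSITIVE_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Contacts.Read", "Contacts.ReadWrite",
    "Notes.Read", "Notes.Read.All",
    "Files.Read", "Files.Read.All", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All",
    "offline_access",  # refresh token: access outlives the browser session
}


@dataclass
class ConsentEvent:
    user: str
    app_name: str
    app_id: str                  # placeholder ids in the sample data below
    scopes: List[str]
    publisher_verified: bool
    admin_consent: bool = False  # False = an individual user clicked "Accept"


@dataclass
class Finding:
    event: ConsentEvent
    sensitive_scopes: List[str]
    reasons: List[str] = field(default_factory=list)

    @property
    def priority(self) -> str:
        # Two or more warning signs: high; one: medium; sensitive scopes only: low.
        return "high" if len(self.reasons) >= 2 else "medium" if self.reasons else "low"


def assess(event: ConsentEvent) -> Optional[Finding]:
    """Return a Finding if the grant exposes sensitive data, else None."""
    sensitive = sorted(set(event.scopes) & SENSITIVE_SCOPES)
    if not sensitive:
        return None
    finding = Finding(event, sensitive)
    if not event.publisher_verified:
        finding.reasons.append("publisher not verified")
    if not event.admin_consent:
        finding.reasons.append("user-level consent, no admin review")
    if "offline_access" in event.scopes:
        finding.reasons.append("offline_access: access persists via refresh token")
    return finding


def triage(events: List[ConsentEvent]) -> List[Finding]:
    """Assess every event and return findings, most suspicious first."""
    findings = [f for f in (assess(e) for e in events) if f is not None]
    findings.sort(key=lambda f: len(f.reasons), reverse=True)
    return findings


# Constructed sample grants (not real tenant data).
SAMPLE_EVENTS = [
    ConsentEvent("alice@example.com", "COVID-19 Relief Bonus Viewer",
                 "00000000-0000-0000-0000-0000000000aa",
                 ["User.Read", "Mail.Read", "Files.Read.All", "offline_access"],
                 publisher_verified=False),
    ConsentEvent("bob@example.com", "Corporate Expense Tool",
                 "00000000-0000-0000-0000-0000000000bb",
                 ["User.Read", "Files.Read"],
                 publisher_verified=True, admin_consent=True),
    ConsentEvent("carol@example.com", "Calendar Sync",
                 "00000000-0000-0000-0000-0000000000cc",
                 ["User.Read", "Calendars.Read"],
                 publisher_verified=True),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.priority}] {f.event.user} -> {f.event.app_name} "
              f"({f.event.app_id}): {', '.join(f.sensitive_scopes)}")
        for r in f.reasons:
            print(f"    - {r}")
```

On the sample data the unverified, user-consented app that asked for mail, file and offline access ranks first; the admin-approved expense tool is still listed, because it holds a file scope, but with no warning signs; the calendar app is not a finding. One caveat worth keeping in mind when acting on such findings: a consent grant is independent of the user’s password, so resetting the password does not close the access. Remediation means revoking the application’s permission grant (and its refresh tokens) in the tenant, and restricting which apps users may consent to in the first place.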
The company advises Office 365 users to enable two-factor authentication on all business and personal email accounts and to learn how to recognize phishing scams. Bitdefender also recommends using a trusted security solution on all personal devices.