Microsoft 365: A tool designed to strengthen the security of Microsoft 365 corporate users is being used for sophisticated and automated phishing attacks. The discovery, revealed on Wednesday (21), was made by Vade, a French firm specializing in cybersecurity.
The feature being exploited in these new cyber attacks is the custom login page for the online version of Microsoft’s suite of applications. Interestingly, many companies use this functionality precisely to prevent phishing attempts.
“With high levels of organization”, criminals are able to convincingly replicate personalized pages, obtaining the logo and background image of any organization running Microsoft 365, allowing access to accounts on the service.
In an interview with VentureBeat, the company’s senior sales engineer, Thomas Briend, said that a campaign launched by cyber criminals affected large companies, but did not detail the number of victims. Among them are a European airline and a well-known newspaper, whose names have not been revealed.
For Briend, the best way to minimize risks is to invest in security solutions capable of identifying phishing emails, the means used to reach victims. The tools need to thoroughly inspect the message supposedly sent by Microsoft and also the URL linked to it.
“Any defensive solution should be able to follow this link all the way — to the phishing page — and inspect it from the top down: the text, images and code,” explained the expert. This way, it is possible to avoid the redirect done after opening the email, even if the message is not detected as malicious.
He also cites the need to conduct biannual training with employees, informing them about the latest threats and educating them to identify the latest social engineering techniques.
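The inspection described above, following the link to the landing page and examining its text, images and code, can be sketched as follows. This is an added example, not Vade's tooling; the allowlisted hosts, brand keywords, function names and the sample redirect chain and HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts allowed to serve a genuine Microsoft sign-in form.
LEGIT_LOGIN_HOSTS = {"login.microsoftonline.com", "login.live.com"}
BRAND_TERMS = ("microsoft", "office 365")  # assumed brand keywords

class PageInspector(HTMLParser):
    """Collect password fields, form targets, image sources and text."""
    def __init__(self):
        super().__init__()
        self.has_password = False
        self.form_actions, self.images, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.has_password = True
        elif tag == "form" and a.get("action"):
            self.form_actions.append(a["action"])
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])

    def handle_data(self, data):
        self.text.append(data.lower())

def host(url):
    return (urlparse(url).hostname or "").lower()

def inspect_landing(redirect_chain, html):
    """Findings for the page reached at the end of a followed link."""
    final = host(redirect_chain[-1])
    if final in LEGIT_LOGIN_HOSTS:
        return []
    page = PageInspector()
    page.feed(html)
    findings = []
    if page.has_password and any(t in " ".join(page.text) for t in BRAND_TERMS):
        findings.append(f"branded password form on {final}")
    for url in page.form_actions:  # credentials sent to another host
        if host(url) not in ("", final):
            findings.append(f"form posts to {host(url)}")
    for url in page.images:  # logo or background pulled from elsewhere
        if host(url) not in ("", final):
            findings.append(f"remote image from {host(url)}")
    return findings

# Constructed sample: redirect chain and landing page of a followed link.
CHAIN = ["https://notice.example.org/r?id=1", "https://portal.example.com/login"]
HTML = """<html><body><img src="https://cdn.example.net/logo.png">
<h1>Sign in with your Microsoft account</h1>
<form action="https://collect.example.net/p"><input type="password"></form>
</body></html>"""
```

A real scanner would fetch the chain itself and render scripts before inspecting; here the chain and markup are supplied inline so the checks run offline.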