A U.S. court
order has allowed Microsoft to seize control of key domains controlled by
fraudsters to halt criminal activity after an increase in scams targeting users
of Office 365.
The U.S.
District Court for the Eastern District of Virginia this week unsealed
documents detailing a cat-and-mouse chase between Microsoft and a group of alleged
state-sponsored fraudsters.
Originally
observed by Microsoft’s Digital Crimes Unit (DCU) in December 2019, the group
recently renewed its phishing techniques, switching from corporate messaging to
scams exploiting the COVID-19 scare.
The civil
case against the hackers produced a court order allowing the Windows maker to
seize control of key criminal infrastructure. According to the announcement,
the campaign appears to be state sponsored and targets business leaders with
classic phishing and business email compromise (BEC) techniques.
“This
malicious activity is yet another form of business email compromise (BEC)
attack, which has increased in complexity, sophistication and frequency in
recent years,” Microsoft says in a blog post.
But unlike the
average phishing/BEC scam, in which attackers try to siphon credentials from
the victim, this scheme goes for direct access to the victim’s Office 365
account.
“Once
victims clicked on the deceptive links, they were ultimately prompted to grant
access permissions to a malicious web application (web app),” Microsoft
explains.
“Unknown to
the victim, these malicious web apps were controlled by the criminals, who,
with fraudulently obtained permission, could access the victim’s Microsoft
Office 365 account,” the company says.
If
successful, the attacker gained instant access to the victim’s email, contacts,
notes and any content in the victims’ OneDrive for Business cloud storage space
and corporate SharePoint document management and storage system.
The company advises Office 365 users to enable two-factor authentication on all business and personal email accounts and urges users to study up on devious phishing scams. Bitdefender also recommends using a trusted security solution on all personal devices.