Security researchers have identified a new Microsoft 365 spoofing campaign that targets specific people in companies, trying to compromise the accounts of C-suite executives and people in other essential positions in the retail, insurance and financial services industries.
Sweeping spoofing campaigns are an almost everyday occurrence, and companies have to deal with this threat constantly. But one subgroup of this threat is better aimed and thought out for maximum impact: it targets company executives, giving attackers increased leverage and access.
The new Microsoft Office 365 credential harvesting campaign targeted various C-suite executives and other decision-makers in companies, but with a twist. Criminals looked for people just settling in and hit them during the transition period, relying on the target’s limited knowledge of a new company.
“A large majority of the phishing attacks stopped by Area 1 Security were headed to financial controllers and treasurers at various international companies,” said the researchers. “By targeting the financial departments of these companies, the attackers could potentially gain access to sensitive data of third parties through invoices and billing, commonly referred to as a BEC (Business Email Compromise) attack.”
“This enables the attackers to send forged invoices from legitimate email addresses to suppliers, resulting in payments being made to attacker-owned accounts,” they explained.
The campaign itself used many techniques, depending on the stage or the target, including the deployment of advanced phishing kits, domains that looked very much like the real ones, and much more.
The phishing emails used a mix of pretexts, such as purported security updates, documents that “need” reviewing, updated policies, and so on.
Security researchers published a complete list of indicators of compromise that should allow companies to stop these attempts before they even reach recipients.