Microsoft has taken down domains that criminals used to launch COVID-19-themed phishing attacks exploiting public fear about the pandemic.
Microsoft's Digital Crimes Unit (DCU) first observed the criminals controlling these domains in December 2019, when they were attempting to compromise Microsoft customer accounts with phishing emails designed to harvest contact lists, sensitive documents and other information that could later be used in Business Email Compromise (BEC) attacks.
The attackers used COVID-19-themed lures to trick victims into granting attacker-controlled malicious OAuth apps permission to access and control their Office 365 accounts. Because the victim consents to the app rather than typing a password, the attacker obtains access tokens without stealing any credentials, so a password reset alone does not cut off the access; the app's consent grant has to be revoked.
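As an added example that is not part of the original article, the following Python triage routine scores OAuth consent grants for the indicators this kind of campaign relies on: an unverified publisher, an Office-themed display name, delegated permissions over mail, contacts and files, end-user rather than admin consent, and redirect hosts on a known-bad list. The ConsentEvent schema and the sample events are constructed for this example and its field names are assumptions, not any vendor's actual audit-log format; the blocklist is the defanged domain list the article reports Microsoft seized.

```python
"""Triage OAuth consent grants for consent-phishing indicators.

Added example; not code from the original article or from Microsoft. The
ConsentEvent schema is a constructed, simplified stand-in for a tenant's
consent audit records, and its field names are assumptions rather than any
vendor's real log format.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List

# Delegated Graph-style permissions that expose exactly what a BEC actor
# harvests: mailbox contents, contact lists and documents.
SENSITIVE_SCOPES = frozenset({
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "Contacts.Read", "Contacts.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All",
})

# Product names a lure app borrows so the consent prompt looks legitimate.
IMPERSONATED_BRANDS = ("office", "microsoft", "outlook", "onedrive", "sharepoint", "mail")

# Domains the article reports Microsoft seized, kept defanged as published.
SEIZED_DOMAINS_DEFANGED = (
    "officeinvetorys[.]com", "officehnoc[.]com", "officesuited[.]com",
    "officemtr[.]com", "officesuitesoft[.]com", "mailitdaemon[.]com",
)


def refang(host: str) -> str:
    """Turn a defanged indicator such as 'evil[.]com' back into a hostname."""
    return host.replace("[.]", ".").lower()


SEIZED_HOSTS: FrozenSet[str] = frozenset(refang(d) for d in SEIZED_DOMAINS_DEFANGED)


@dataclass
class ConsentEvent:
    app_display_name: str
    publisher_verified: bool
    scopes: List[str]
    consent_type: str                      # "user" or "admin"
    redirect_hosts: List[str] = field(default_factory=list)


@dataclass
class Finding:
    app_display_name: str
    score: int
    reasons: List[str]


def triage_consent(event: ConsentEvent, blocked_hosts: FrozenSet[str] = frozenset()) -> Finding:
    """Score one consent grant; a higher score means more consent-phishing indicators."""
    score, reasons = 0, []
    sensitive = sorted(SENSITIVE_SCOPES.intersection(event.scopes))
    if sensitive:
        score += 2
        reasons.append("sensitive delegated scopes: " + ", ".join(sensitive))
        # offline_access yields a refresh token, so the foothold outlives the
        # phished session; it only matters alongside data-access scopes.
        if "offline_access" in event.scopes:
            score += 1
            reasons.append("offline_access keeps the grant alive via refresh tokens")
        if event.consent_type == "user":
            score += 1
            reasons.append("end-user consent (no admin review) to sensitive scopes")
    if not event.publisher_verified:
        score += 1
        reasons.append("publisher not verified")
    name = event.app_display_name.lower()
    if any(brand in name for brand in IMPERSONATED_BRANDS):
        score += 1
        reasons.append("display name borrows a Microsoft/Office product name")
    hits = sorted(h for h in (refang(x) for x in event.redirect_hosts) if h in blocked_hosts)
    if hits:
        score += 3
        reasons.append("redirect host on seized/blocked list: " + ", ".join(hits))
    return Finding(event.app_display_name, score, reasons)


def triage_all(events, blocked_hosts: FrozenSet[str] = frozenset(), threshold: int = 4) -> List[Finding]:
    """Return only the grants that reach the alerting threshold."""
    findings = (triage_consent(e, blocked_hosts) for e in events)
    return [f for f in findings if f.score >= threshold]


# Constructed sample consent events (not real tenant data).
SAMPLE_EVENTS = [
    ConsentEvent("Office Suite Soft Update", False,
                 ["User.Read", "Mail.ReadWrite", "Contacts.Read", "Files.Read.All", "offline_access"],
                 "user", ["officesuitesoft.com"]),
    ConsentEvent("Contoso Expense Tracker", True, ["User.Read", "openid", "profile"],
                 "admin", ["expenses.contoso.example"]),
    ConsentEvent("Mail Merge Helper", True, ["User.Read", "Mail.Send"],
                 "admin", ["mailmerge.example"]),
]

if __name__ == "__main__":
    for finding in triage_all(SAMPLE_EVENTS, SEIZED_HOSTS):
        print(f"[score {finding.score}] {finding.app_display_name}")
        for reason in finding.reasons:
            print("   -", reason)
```

Run stand-alone, only the Office-themed app that an unverified publisher registered with mail, contacts and file scopes, a refresh-token scope, end-user consent and a redirect host on the seized list crosses the threshold; the admin-approved mail-merge tool scores below it despite sending mail. The brand check is a plain substring heuristic and will also touch legitimate apps with "mail" in their name, so treat the score as a triage queue ordering, not a verdict, and pair it with revoking the flagged app's consent grant rather than only resetting the user's password.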
According to Tom Burt, Microsoft Corporate Vice President for Customer Security & Trust, the civil case resulted in a court order allowing Microsoft to seize control of key domains in the criminals' infrastructure so that they can no longer be used to execute cyberattacks.
The domains seized by Microsoft, which were used to host the malicious web apps, are officeinvetorys[.]com, officehnoc[.]com, officesuited[.]com, officemtr[.]com, officesuitesoft[.]com, and mailitdaemon[.]com.
The company stated that, as of early April, the overall volume of malicious attacks had not risen much since the start of the pandemic; instead, attackers repurposed infrastructure from earlier campaigns to launch rethemed campaigns exploiting fear surrounding COVID-19.
Microsoft 365 Security Corporate Vice President Rob Lefferts stated that attackers are retooling their existing infrastructure (ransomware, phishing and other malware delivery tools) to include COVID-19 keywords in order to get clicks.
Based on data Microsoft collected from thousands of weekly email phishing campaigns, roughly 60,000 of the millions of targeted messages seen as of April used pandemic-related URLs or malicious attachments.
Microsoft also found nation-state actors using COVID-19 lures in campaigns targeting healthcare entities, and it has alerted dozens of hospitals about exposed VPN devices and gateways on their networks so they can defend against such attacks.
Burt stated that as criminals adapt their techniques to evade Microsoft's built-in defenses, additional measures such as the legal action filed in this case become necessary.
He added that this unique civil case against COVID-19-themed BEC attacks enabled Microsoft to disable key domains in the criminals' malicious infrastructure, a critical step in protecting customers.