Tuesday, July 16, 2024

Microsoft warns of a Widespread Phishing Campaign to Steal Login Credentials

The security researchers of Microsoft have reported about a new phishing campaign that they have detected recently, and they have also claimed that this campaign is quite big and is stealing the login credentials.

After detecting this phishing campaign, soon the experts initiated the investigation, however, they declared that this campaign attaches the open redirector links in the email communications that behave as a vector.

However, the main motive of using such vectors is to trick users into visiting malicious websites so that the threat actors can bypass the security software effectively.

Credential phishing via open redirector links 

The threat actors are targetting the login credentials in this phishing attack, and the credentials phishing emails generally signify a remarkably widespread way for threat actors to obtain a space in a network. 

This type of phishing attack proceeds to develop as an aggressive attack vector and it has a specific goal that is to harvest user credentials. 

But, this is not the first time when Microsoft encountered such an attack, as per the report of 2020 Digital Defense, they have blocked over 13 billion malicious and unusual mails, and among them, there were 1 billion of those emails that are distributed as URL-based phishing threats.

Redirecting to phishing pages

Once the user clicks the custom-built redirect links that are specifically sent to a page in attacker-owned infrastructure. This kind of page generally uses Google reCAPTCHA services to likely circumvent attempts at dynamically browsing and checking the contents of the page. 

Not only this it’s also used for blocking some interpretation systems from launching to the actual phishing page that has been created by the threat actors.

Once the user is done with the CAPTCHA verification, the user has displayed a site that imitates a legitimate service, like Microsoft Office 365. 

The sites generally ask the user for their password, then the passwords are being asked for twice, and after giving it the threat actors enter the system.

Moreover, the threat actors also send unique URLs to each beneficiary with PHP parameters that create simple information to execute on the phishing page.

Domains used 

  • c-tl[.]xyz
  • a-cl[.]xyz
  • j-on[.]xyz
  • p-at[.]club
  • i-at[.]club
  • f-io[.]online

Characteristics of the domains used

  • Free email domains
  • Compromised legitimate domains
  • Domains ending in .co.jp
  • Attacker-owned DGA domains

Variety of ccTLDs used

  • de
  • com.mx
  • com.au
  • ca

Microsoft Defender for Office 365 protects against modern email threats

However, this kind of threat was being detected by the security analysts, that’s why Microsoft is keeping a constant check on this kind of situation. 

This type of attack is quite unsudden that makes a huge impact on the network, thus Microsoft has suggested some mitigations toward the exploitation of open redirector links by known third-party platforms or assistance.

The Microsoft defender for office 365 has also recommended some mitigation for this phishing attack, and here they are:-

  • Apply anti-phishing
  • Safe Links
  • Safe Attachments policies

They also recommend installing the Report Message add-in for Outlook as it will allow the users to report questionable messages to their protection teams and also to Microsoft.

This type of phishing campaign generally puts a lot of pressure and hamper the network services very badly, that’s why the users are suggested to apply the recommendation and follow them carefully.

Follow us on LinkedinTwitterFacebook for daily Cybersecurity News & Updates.


Latest articles

MirrorFace Attacking Organizations Exploiting Vulnerabilities In Internet-Facing Assets

MirrorFace threat actors have been targeting media, political organizations, and academic institutions since 2022,...

HardBit Ransomware Using Passphrase Protection To Evade Detection

In 2022, HardBit Ransomware emerged as version 4.0. Unlike typical ransomware groups, this ransomware...

New Poco RAT Weaponizing 7zip Files Using Google Drive

The hackers weaponize 7zip files to pass through security measures and deliver malware effectively.These...

New ShadowRoot Ransomware Attacking Business Via Weaponized PDF’s

X-Labs identified basic ransomware targeting Turkish businesses, delivered via PDF attachments in suspicious emails...

Hacktivist Groups Preparing for DDoS Attacks Targeting Paris Olympics

Cyble Research & Intelligence Labs (CRIL) researchers have identified a cyber threat targeting the...

Critical Cellopoint Secure Email Gateway Flaw Let Attackers Execute Arbitrary Code

A critical vulnerability has been discovered in the Cellopoint Secure Email Gateway, identified as...

Singapore Banks to Phase out OTPs for Bank Account Logins Within 3 Months

The Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS)...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles