Microsoft dismantles COVID-19-themed phishing campaigns

by Don Sharpe

  • Malicious players have been increasingly carrying out COVID-19-themed phishing attacks, especially aimed at Office 365 users.
  • Microsoft revealed that it got a court order allowing it to take control of certain domains that cybercriminals used to execute COVID-19-themed phishing or other forms of attack.

We recently wrote an article on how malicious players have been increasingly carrying out COVID-19-themed phishing attacks. The bad actors have made Office 365 users some of their favorite targets, but it appears that Microsoft’s Digital Crimes Unit (DCU) has been closely tracking some of them.

Microsoft takes apart COVID-19-themed phishing infrastructure

Microsoft revealed that it got a court order allowing it to take control of certain domains that cybercriminals used to execute COVID-19-themed phishing or other forms of cyber attacks. As such, the threat actors in question can no longer use the seized IT infrastructure to commit cybercrime.

Today, the U.S. District Court for the Eastern District of Virginia unsealed documents detailing Microsoft’s work to disrupt cybercriminals that were taking advantage of the COVID-19 pandemic in an attempt to defraud customers in 62 countries around the world. Our civil case has resulted in a court order allowing Microsoft to seize control of key domains in the criminals’ infrastructure so that it can no longer be used to execute cyberattacks.

How hackers executed the Office 365 phishing attacks

As with any other phishing campaign, the attackers sent malicious emails appearing to originate from a trusted source.

They took advantage of the fact that many companies around the world expect some form of COVID-19 financial bailout. So, they used that theme to trick their targets into harmful interactions with malicious web applications.

As you’d expect, the cybercriminals sent the victims malicious links.

This time around, the hackers did not explicitly ask the victim to supply their O365 security credentials via a web-based form. Instead, clicking on a malicious link led to a prompt requiring the target to give access rights to a malware-loaded web app.

Since the criminals control the malicious app, they can then compromise the victim’s O365 account.

Apparently, any O365 app or tool can be a target for such attacks, from Microsoft Teams to OneDrive. Users, therefore, have no option but to be on high alert and implement adequate cybersecurity measures.
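
One check an administrator can run against this kind of attack, as an added example that is not part of the original article: review which apps users have already granted access to, and flag grants of mail or file scopes to apps without a verified publisher. It assumes the access-rights prompt described above is an OAuth consent grant, and that the tenant's grants and service principals have been exported from Microsoft Graph as JSON; the sample records, IDs and the scope shortlist are constructed for illustration.

```python
import json

# Delegated scopes that expose mail, files or contacts (editor's shortlist,
# an assumption for this example, not an official list).
RISKY_SCOPES = {"Mail.Read", "Mail.ReadWrite", "Mail.Send", "Contacts.Read",
                "Files.Read.All", "Files.ReadWrite.All", "Notes.Read.All"}

# Constructed sample data shaped like Microsoft Graph exports of
# servicePrincipals and oauth2PermissionGrants; all IDs are placeholders.
SERVICE_PRINCIPALS = json.loads("""[
 {"id": "sp-1", "displayName": "Contoso Expenses",
  "verifiedPublisher": {"displayName": "Contoso Ltd"}},
 {"id": "sp-2", "displayName": "Relief Fund Report (constructed)",
  "verifiedPublisher": {"displayName": null}}
]""")
GRANTS = json.loads("""[
 {"clientId": "sp-1", "consentType": "AllPrincipals", "principalId": null,
  "scope": "User.Read Files.Read.All"},
 {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-7",
  "scope": "openid offline_access Mail.Read Files.ReadWrite.All"},
 {"clientId": "sp-2", "consentType": "Principal", "principalId": "user-9",
  "scope": "openid User.Read"}
]""")

def review_grants(grants, service_principals, risky=RISKY_SCOPES):
    """Return grants of risky scopes to apps with no verified publisher."""
    apps = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        hits = sorted(scopes & risky)
        if not hits:
            continue  # sign-in or profile scopes only
        app = apps.get(grant["clientId"], {})  # app missing from export: unverified
        publisher = (app.get("verifiedPublisher") or {}).get("displayName")
        if publisher:
            continue  # verified publisher: review at lower priority
        findings.append({
            "app": app.get("displayName", "<unknown app>"),
            "granted_by": grant.get("principalId") or "all users (admin consent)",
            "risky_scopes": hits,
            # offline_access lets the app keep access via refresh tokens
            "persistent": "offline_access" in scopes,
        })
    return findings

if __name__ == "__main__":
    for finding in review_grants(GRANTS, SERVICE_PRINCIPALS):
        print(finding)
```

A flagged grant stays valid after the user changes their password, so remediation means revoking the grant and disabling the app, not only resetting credentials.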

Have you had any experience with COVID-19-themed cyber attacks? Kindly let us know via the comments section below.