Microsoft Files Lawsuit to Seize Fake Domains Used in COVID-19-Themed BEC Attacks

Microsoft has filed a lawsuit in an effort to seize control of several domains used to launch COVID-19-themed cyberattacks against the company’s customers in 62 countries.

The tech company started tracking the malicious activity in December 2019, after identifying it as a phishing scheme attempting to compromise Microsoft customer accounts and access emails, contacts, sensitive files, and other information.

After the scheme was blocked and the malicious app used in the attack disabled, the cybercriminals changed their tactics and switched to COVID-19-related lures in recent phishing attacks.

The activity, Microsoft corporate vice president Tom Burt explains, is another form of business email compromise (BEC), a type of fraud that caused losses of more than $1.7 billion in 2019, according to a 2020 report from the FBI’s Internet Crime Complaint Center (IC3).

As part of these attacks, the cybercriminals sent phishing emails designed to appear as if sent from an employer or another trusted source. The emails were sent to business leaders across industries, in an attempt to gain access to their accounts to steal information and money.

Initially, the emails contained deceptive messages related to generic activities, but later started using messages related to the COVID-19 pandemic, in an attempt to entice the victims into clicking on malicious links.

Those who clicked on the links were prompted to grant access permissions to a malicious web application that seemed legitimate, but was instead controlled by the cybercriminals to access the victim’s Microsoft Office 365 account.

“This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” Burt notes.

Victims of this scheme unwittingly provided the cybercriminals with access to their Office 365 account contents, including emails and contact lists, notes, and content stored on OneDrive for Business and corporate SharePoint systems.
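For defenders, the consent grant itself is the artifact to review. The following added example (not from the article or from Microsoft) flags delegated grants that give an unvetted app access to the data listed above. The records are constructed, shaped like Microsoft Graph `oauth2PermissionGrant` objects, and `APPROVED_CLIENT_IDS` is a hypothetical allow-list of vetted apps.

```python
# Added example: review delegated OAuth consent grants for the data the article lists.
# Records mimic Microsoft Graph oauth2PermissionGrant fields; all values are constructed.
SENSITIVE_SCOPES = {  # delegated Graph scope -> data category named in the article
    "Mail.Read": "emails", "Mail.ReadWrite": "emails",
    "Contacts.Read": "contact lists", "Notes.Read.All": "notes",
    "Files.Read.All": "OneDrive for Business files",
    "Sites.Read.All": "SharePoint content",
}
PERSISTENCE_SCOPE = "offline_access"  # refresh tokens: access without the user present
APPROVED_CLIENT_IDS = {"11111111-aaaa-4000-8000-000000000001"}  # hypothetical allow-list

SAMPLE_GRANTS = [  # constructed sample data
    {"clientId": "11111111-aaaa-4000-8000-000000000001", "consentType": "AllPrincipals",
     "principalId": None, "scope": "User.Read Mail.Read"},
    {"clientId": "22222222-bbbb-4000-8000-000000000002", "consentType": "Principal",
     "principalId": "user-cfo",
     "scope": "offline_access Mail.Read Contacts.Read Files.Read.All Notes.Read.All"},
    {"clientId": "33333333-cccc-4000-8000-000000000003", "consentType": "Principal",
     "principalId": "user-dev", "scope": " openid  profile User.Read "},
    {"clientId": "22222222-bbbb-4000-8000-000000000002", "consentType": "Principal",
     "principalId": "user-coo", "scope": "mail.read offline_access"},
]

def review_grants(grants, approved=APPROVED_CLIENT_IDS):
    """Return findings for unapproved apps holding scopes over sensitive data."""
    by_name = {s.lower(): s for s in SENSITIVE_SCOPES}  # compare case-insensitively
    findings = []
    for g in grants:
        if g["clientId"] in approved:
            continue
        scopes = {s.lower() for s in (g.get("scope") or "").split()}
        hits = [by_name[s] for s in scopes if s in by_name]
        if hits:
            findings.append({
                "clientId": g["clientId"],
                "principalId": g.get("principalId"),
                "user_consented": g.get("consentType") == "Principal",
                "exposed": sorted({SENSITIVE_SCOPES[h] for h in hits}),
                "persistent": PERSISTENCE_SCOPE in scopes,
            })
    return findings

def apps_by_reach(findings):
    """Group findings per app; one app consented to by several users suggests a campaign."""
    reach = {}
    for f in findings:
        reach.setdefault(f["clientId"], set()).add(f["principalId"] or "*all users*")
    return {cid: sorted(users) for cid, users in reach.items()}

if __name__ == "__main__":
    print(apps_by_reach(review_grants(SAMPLE_GRANTS)))
```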

By taking legal action against the operators behind these COVID-19-themed BEC attacks, Microsoft was able to disable key domains from the attackers’ infrastructure. The tech giant’s lawsuit targeted several fake Office domains.

To stay protected, Microsoft advises users to enable two-factor authentication on all of their accounts, whether business or personal, and to learn how to spot phishing schemes. Enabling security alerts on links and content from suspicious sites and watching for suspicious activity on their email accounts should also help users stay protected.

Related: BEC Losses Surpassed $1.7 Billion in 2019: FBI

Related: FBI Expects Increase in COVID-19-Themed BEC Scams

Related: Google Sees Increase in COVID-19 Phishing in Brazil, India, UK

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
