Office 365 users have been warned about an ongoing phishing campaign that harvests user credentials. The attackers use advanced tactics to circumvent email security tools and social engineering to lure company staff to sites where credentials are collected.
The phishing emails use an assortment of lures to catch the attention of remote employees, for instance, bogus password update requests, teleconferencing information, SharePoint notices, and helpdesk tickets. The lures look credible, and the sites that Office 365 users are sent to look genuine, with copied logos and color palettes.
The threat actors use a variety of techniques to get past secure email gateways and make sure the messages reach inboxes. For example, they use redirector URLs that can detect sandbox environments: Office 365 users are sent on to the phishing pages, while security solutions are sent to benign sites so that the phishing pages avoid analysis. The emails also use heavy obfuscation in the HTML code.
Microsoft says that the redirector pages use a unique subdomain that contains a username and the targeted firm's domain name to make the campaign more convincing. The phishing URLs include an extra dot following the top-level domain and carry the Base64-encoded email address of the person receiving the message. The phishing URLs are typically hosted on compromised websites rather than on domains owned by the attacker. Because many different subdomains are used, it is possible to send large volumes of phishing emails and evade security applications.
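The three URL traits described above can be checked mechanically when triaging links from a reported message. The following Python is an added example, not code from Microsoft or IRONSCALES; the recipient address, the sample URLs, the flag names and the exact subdomain layout are constructed assumptions.

```python
import base64
import re
from urllib.parse import urlsplit

RECIPIENT = "jdoe@example.org"  # constructed recipient, not from the report
TOKEN = base64.b64encode(RECIPIENT.encode()).decode()
SAMPLE_URLS = [  # constructed samples on reserved domains
    f"https://jdoe.example.org.compromised-site.example./r/{TOKEN}",
    "https://login.example.org/reset?user=jdoe",
    "https://www.example.net./about",
]

def decodes_to(token: str, recipient: str) -> bool:
    """True if a URL token is the Base64 encoding of the recipient address."""
    if len(token) < 8 or not re.fullmatch(r"[A-Za-z0-9+_-]+", token):
        return False
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except ValueError:  # binascii.Error: not decodable Base64
        return False
    return raw.decode("utf-8", "ignore").strip().lower() == recipient.lower()

def score_url(url: str, recipient: str) -> list:
    """Return the campaign traits a single URL exhibits for this recipient."""
    local, _, org = recipient.lower().partition("@")
    parts = urlsplit(url)
    host = parts.hostname or ""
    flags = []
    if host.endswith("."):  # extra dot after the top-level domain
        flags.append("trailing_dot_host")
    bare = host.rstrip(".")
    outside_org = bare != org and not bare.endswith("." + org)
    # Assumed layout: username and org domain both appear in a foreign host.
    if outside_org and local in bare and org in bare:
        flags.append("recipient_in_subdomain")
    rest = f"{parts.path}?{parts.query}#{parts.fragment}"
    # Splitting on "=" and "%" also strips raw or percent-encoded padding.
    if any(decodes_to(t, recipient) for t in re.split(r"[/?&#=%]", rest)):
        flags.append("b64_recipient")
    return flags

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(score_url(u, RECIPIENT), u)
```

A trailing dot on its own is a valid fully qualified hostname, so the flags are most useful in combination.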
Office 365 credentials are highly sought after by cybercriminals. Compromised email accounts can be used for further phishing attacks and BEC attacks, and the accounts usually contain large amounts of sensitive data, including protected health information (PHI). Once an attacker obtains access to an Office 365 account, they can access sensitive stored documents and carry out additional attacks on the firm.
Microsoft stated that Microsoft 365 Defender for Office 365 can identify the phishing emails and handle the attacks. However, recent IRONSCALES research revealed that many secure email gateways could not block these complex phishing threats.
The Israel-based security company recently released findings from a study of the top-rated secure email gateways and found that they failed to block about 50% of advanced phishing attempts, for example, social engineering attacks and spear-phishing attacks. The firm used its Emulator to test the effectiveness of five of the top-rated secure email gateways, including Microsoft's Advanced Threat Protection (ATP), and simulated real-world phishing scenarios to find out how each one performed.
For the tests, IRONSCALES carried out 162 emulations (16,200 emails) against the top 5 secure email gateways and found that 47% of the emails, or 7,614 messages, were delivered to inboxes. The penetration rate, meaning the percentage of emails that got past the secure email gateway, ranged from 35% to 55% across the 5 security solutions tested.
The top secure email gateways were effective at stopping emails with malicious attachments, as only 4% of those emails were delivered to inboxes, and only 3% of emails containing hyperlinks to malicious files were delivered. However, they were less effective at rejecting social engineering and email impersonation attacks, as 30% of those emails were delivered successfully. 25% of emails with domain name impersonations were delivered. These emails contained links to a domain with the correct records set up in DNS. Emails with links to URLs hosting phony login pages were delivered 16% of the time.
The tests highlighted the advantages of AI-driven security solutions with natural language understanding and the benefits of giving the workforce security awareness training, as many of these advanced phishing attacks will reach users' inboxes.