Yesterday, Microsoft revealed that the company has been working with the US justice system to seize malicious domains and prevent scammers from taking advantage of people affected by the coronavirus pandemic.
Recently, Microsoft observed cyberattacks targeting people who were left vulnerable by the coronavirus pandemic. Microsoft noted that these activities were just another form of business email compromise (BEC) attack. In this case, the BEC emails claimed to provide financial relief to companies and used terms like “COVID-19 Bonus” to lure users into clicking on the phishing link. Once a user clicked on the link, they were taken to a web app that looked genuine but allowed the attackers to collect personal information. These attacks have grown in the past few years, and according to the FBI's 2019 cybercrime report, last year BEC attacks cost users over $1.7 billion in losses.
In case you're not familiar, BEC attacks are usually targeted at businesses and non-profit organizations. The attack involves sending genuine-looking emails, such as invoices and payment requests, to collect personal information including bank details and login credentials from the victim.
After entering credentials in the malicious web app, the user was taken to a consent prompt that again looked like the one legitimate web apps use to ask for consent. However, the prompt allowed attackers to gain access to personal data like OneNote notebooks, OneDrive files, SharePoint document management and the Office 365 account.
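The following is an added example, not code from Microsoft or from the original article: one way a defender could review OAuth consent grants for the pattern described above. The `clientId`, `consentType`, `principalId` and `scope` fields follow Microsoft Graph's oauth2PermissionGrant objects; the sample records, the app names, the `appName` and `verifiedPublisher` join, the allow-list and the choice of risky scopes are assumptions.

```python
import json

# Microsoft Graph delegated scopes covering the data the article names.
# Which scopes count as risky is an assumption made for this example.
RISKY_SCOPES = {
    "Notes.Read.All": "OneNote notebooks",
    "Files.Read.All": "OneDrive files",
    "Files.ReadWrite.All": "OneDrive files",
    "Sites.Read.All": "SharePoint sites",
    "Mail.Read": "Mailbox",
}
APPROVED = {"00000000-0000-0000-0000-000000000002"}  # constructed allow-list

# Constructed export: oauth2PermissionGrant fields (clientId, consentType,
# principalId, scope) joined with app name and publisher status (assumed join).
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "00000000-0000-0000-0000-000000000001", "appName": "Relief Bonus Portal",
  "verifiedPublisher": false, "consentType": "Principal", "principalId": "user-a",
  "scope": " Files.ReadWrite.All Notes.Read.All Sites.Read.All offline_access"},
 {"clientId": "00000000-0000-0000-0000-000000000002", "appName": "Approved Backup",
  "verifiedPublisher": true, "consentType": "AllPrincipals", "principalId": null,
  "scope": "Files.Read.All offline_access"},
 {"clientId": "00000000-0000-0000-0000-000000000003", "appName": "Sign-in Only",
  "verifiedPublisher": false, "consentType": "Principal", "principalId": "user-b",
  "scope": "openid profile User.Read"},
 {"clientId": "00000000-0000-0000-0000-000000000004", "appName": "Mail Helper",
  "verifiedPublisher": true, "consentType": "Principal", "principalId": "user-c",
  "scope": "Mail.Read"}
]""")

def audit_grants(grants, approved=APPROVED):
    """Return grants that expose user data to apps outside the allow-list."""
    findings = []
    for g in grants:
        scopes = set((g.get("scope") or "").split())  # scope is space-separated
        data = sorted({RISKY_SCOPES[s] for s in scopes if s in RISKY_SCOPES})
        if g["clientId"] in approved or not data:
            continue
        # Unverified publisher plus a refresh token is the pattern to review first.
        high = not g.get("verifiedPublisher") and "offline_access" in scopes
        findings.append({"app": g["appName"], "user": g["principalId"],
                         "data": data, "severity": "high" if high else "medium"})
    return sorted(findings, key=lambda f: f["severity"])

if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS):
        print(finding)
```

A grant flagged here stays in force until it is revoked, so the review covers existing consents as well as new ones.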
Usually, Microsoft takes measures to monitor and block malicious web apps to protect users from phishing attacks. However, in cases where the activities are massively scaled or where criminals are using ways to evade Microsoft's built-in systems, the company goes to court to take legal action. In this case, Microsoft filed a civil case against COVID-19-themed BEC attacks to disable key domains in order to protect customers.
The court order filed with the U.S. District Court for the Eastern District of Virginia lists domains such as officesuitesoft.com, officemtr.com and more. These domains were similar to those of Microsoft's own services and allowed attackers to dupe victims into thinking they were accessing genuine Microsoft Office services. The court ruled in favour of Microsoft, which allowed the company to take control of the domains and remove the websites without tipping off the criminals.
While Microsoft has been proactively blocking domains to protect users, it also noted that the criminals are finding new ways to lure customers, especially those who are vulnerable during the current pandemic. The company also highlighted the importance of 2FA in protecting accounts from BEC attacks. Furthermore, Microsoft has shared information on how to spot phishing schemes and recommended that users enable security alerts about links from suspicious websites. Lastly, the company also shared resources for businesses to better protect themselves from these attacks.