Misuse of Microsoft Azure Domains for Phishing Attacks




Zscaler, a cloud security specialist, has uncovered large phishing campaigns run from fake websites. Well-known services such as Outlook and OneDrive are affected. Here are the details. […]

Outlook phishing login page (c) Zscaler

The Zscaler ThreatLabZ team is warning of various phishing attacks that use Microsoft Azure Custom Domains. These web pages are signed with a Microsoft SSL certificate so that they appear legitimate. A total of 2,000 phishing attempts were detected in six weeks. The research team examined two of the attack vectors.

Phishing attacks on the Azure domains web.core.windows.net (green) and blob.core.windows.net (yellow). (c) Zscaler

Attack Vector 1: Spam Emails

In the first example, attackers sent an unsolicited email to a user while posing as a particular company. It informs the user that seven emails have already been sent by this contractor but have been quarantined. To view the emails, the user is advised to log in with his or her company account. If the victim clicks the "View emails" button, they are redirected to an Outlook login phishing page. To counter any doubts about the site's authenticity raised by the unfamiliar URL, the attackers abused a Microsoft SSL certificate. If the user is deceived and enters their data into the form, it is sent to the fake domain operated by the criminals.

Outlook phishing login page. (c) Zscaler

Attack Vector 2: Infected HTML Attachment

In the second example, the attackers sent junk mail with an attached HTML file that resembles a voicemail message. Once the user clicks on the HTML file, they are redirected to the phishing site mapped via the Azure domain. In this approach, the attackers inject disguised JavaScript code that matches the credentials against their database to avoid unnecessary work. The hidden code checks the user's access data and sends it to the attacker's server.

Spam (c) Zscaler

In addition to the Outlook phishing campaigns, other related campaigns on Azure domains have also been discovered: Microsoft phishing, OneDrive phishing, Adobe Document phishing and Blockchain phishing. Zscaler has informed Microsoft, which is why the websites have since been taken offline.
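
A defensive check derived from the two vectors above, as an added example that is not part of the Zscaler report: it scans the HTML body and any HTML attachment of a message for links to the two Azure storage domains named in the article and flags those that do not belong to the organisation. The account names `contosodocs` and `examplephish`, the function names and the sample message are constructed assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Azure storage hosting suffixes named in the article.
AZURE_SUFFIXES = (".web.core.windows.net", ".blob.core.windows.net")
# Assumption: storage accounts the organisation itself owns (constructed name).
OWN_ACCOUNTS = {"contosodocs"}
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def azure_account(url):
    """Return the storage account for hosts like <account>.z13.web.core.windows.net, else None."""
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL in attacker-controlled content
        return None
    for suffix in AZURE_SUFFIXES:
        if host.endswith(suffix):
            return host[: -len(suffix)].split(".")[0]
    return None

def flag_message(raw_bytes):
    """Return sorted (part_label, url) pairs that point at Azure storage not owned by us."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    for part in msg.walk():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html"))
        if part.is_multipart() or not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # HTML file sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        for url in URL_RE.findall(body):
            account = azure_account(url)
            if account and account not in OWN_ACCOUNTS:
                hits.add((name or "body", url))
    return sorted(hits)

def sample_message():
    """Constructed sample: an HTML body plus an HTML 'voicemail' attachment."""
    msg = EmailMessage()
    msg.set_content("View emails")
    msg.add_alternative('<a href="https://examplephish.z13.web.core.windows.net/login.html">View emails</a>'
                        '<a href="https://contosodocs.blob.core.windows.net/public/policy.pdf">Policy</a>', subtype="html")
    msg.add_attachment(b'<meta http-equiv="refresh" content="0;url=https://examplephish.blob.core.windows.net/vm/index.html">',
                       maintype="application", subtype="octet-stream", filename="voicemail.html")
    return msg.as_bytes()
```

A static scan like this only sees URLs that appear literally in the HTML; a redirect target assembled at runtime by disguised JavaScript needs the attachment to be opened in a sandbox to be observed.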

Platform Security Against Phishing in the Cloud

Phishing attacks have become more frequent in recent months. Many similar attacks are launched via social media platforms such as LinkedIn in particular. The Zscaler examples presented here also show an increase in phishing attacks against cloud platforms and their domains. Cloud computing security and enterprise IT security must therefore work together smoothly.

For this reason, businesses need modern protection mechanisms that specifically protect their platforms. These security solutions should include sandboxing capabilities that filter out attachments and suspicious links so that they can be investigated and defended against separately. Platform protection of this kind from the manufacturer or vendor very effectively complements the security appliances of companies that put their data and applications on the cloud platform.

Interested parties can learn more about the phishing campaigns found on the Zscaler search blog.
