A new phishing campaign is making the rounds. Scammers are taking advantage of a small but serious oversight in Microsoft’s Office 365 suite of online services to serve phishing emails that are visually indistinguishable from work-related emails and appear completely safe. This new threat once again highlights the importance of training your first line of defense to deal with cyber threats as part of your organization’s cybersecurity strategy.
Researchers this week have come across an all-new phishing attack that has impacted an estimated 10% of Office 365 users worldwide. PhishPoint, as the campaign is dubbed, has a trick up its sleeve that most other phishing scams don’t: it goes beyond email and uses SharePoint to harvest end-users' credentials.
How PhishPoint works:
Exploited properly, the scam can easily lead to a catastrophic data breach. While Microsoft’s link-scanning security layer does sniff out malicious links in the body of an email, it does not scan the links inside a linked SharePoint document. Even if it did, it still couldn’t blacklist a malicious URL inside the document without blacklisting links to all SharePoint files. Researchers feel this is a dangerous oversight.
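The gap described above is that the link scanner stops at the email body and never looks at the URLs inside a linked SharePoint document. The following is an added example (not Bitdefender’s or Microsoft’s code) of a second-hop check a mail-filtering pipeline could run: it extracts URLs from the body, follows any SharePoint-hosted link through a caller-supplied `fetch_document` callable (assumed; here backed by a constructed in-memory dictionary), and flags every URL on either hop whose host is not on an assumed first-party allowlist.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r'https?://[^\s"\'<>)]+')

# Hosts treated as first-party for Office 365 / SharePoint.
# Assumption for this example, not an exhaustive or official list.
TRUSTED_SUFFIXES = ("sharepoint.com", "microsoft.com", "microsoftonline.com", "office.com")


def extract_urls(text):
    """Return every http(s) URL found in a blob of text."""
    return URL_RE.findall(text)


def is_trusted(url):
    """True only if the host is exactly a trusted suffix or a subdomain of one.
    A plain endswith() would accept 'sharepoint.com.evil.example', so the
    leading dot is required."""
    host = urlparse(url).hostname or ""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def scan_email(body, fetch_document):
    """Return (hop, url) findings: hop 0 = untrusted URL in the email body,
    hop 1 = untrusted URL found inside a SharePoint document the body links to.
    fetch_document(url) returns the document's text, or None if unavailable."""
    findings = []
    for url in extract_urls(body):
        host = urlparse(url).hostname or ""
        if not is_trusted(url):
            findings.append((0, url))
        elif host == "sharepoint.com" or host.endswith(".sharepoint.com"):
            # Second hop: the body link is fine, but the document it points
            # to may itself carry the credential-harvesting link.
            for inner in extract_urls(fetch_document(url) or ""):
                if not is_trusted(inner):
                    findings.append((1, inner))
    return findings


# Constructed sample data; these are not real campaign artifacts.
SAMPLE_EMAIL = "Hi, please review the Q3 invoice: https://contoso-my.sharepoint.com/:b:/p/user/EXAMPLEDOC"
SAMPLE_DOCS = {
    "https://contoso-my.sharepoint.com/:b:/p/user/EXAMPLEDOC":
        "Your document is ready. Open it here: https://login.office365-verify.example/signin?ref=sp",
}


def demo():
    return scan_email(SAMPLE_EMAIL, SAMPLE_DOCS.get)
```

Running `demo()` produces no hop-0 finding, because the body only links to SharePoint, but one hop-1 finding for the external login URL embedded in the document.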
The corporate gold mine
Stolen corporate domain usernames and credentials are in high demand on the dark web and underground specialized forums. As more and more organizations are moving to cloud-based solutions, phishers themselves are adjusting their techniques to steal credentials via existing attack tools, such as phishing kits.
Since September 2017, Bitdefender has recorded an increase – albeit a small one – in phishing messages that target Office 365 users and uncovered several phishing kits being actively used to compromise credentials.
These phishing kits are usually hosted on legitimate but compromised websites and are linked from generic-looking messages. Fake invitations to files hosted on SharePoint Online, outstanding payments for Office 365 subscriptions, or notices of upcoming account termination are the most common lures used to persuade victims into giving away their credentials. And since the messages aren’t branded with the visual identity of any specific company, these campaigns likely target a wide pool of organizations rather than a few select companies.
Some of the phishing kits even have their own defense mechanisms that enable them to fly under the radar and avoid blacklisting. Others prevent the forms from being sent if they detect junk text (text that doesn’t look like a password) being filled in. This method is probably used to protect the scammers’ database from being overly populated with invalid credentials that would decrease its resell value on the black market.
What can hackers do with stolen credentials?
There’s a good reason why stolen corporate usernames and passwords are so valuable on the dark web. Actually, make that five reasons:
Share the responsibility so you don’t share the blame
Solutions like Bitdefender GravityZone offer a mix of antimalware, malicious URL, and anti-phishing protections that can prove useful in the face of such a devious campaign. However, since PhishPoint ultimately requires a lot of user input, end-users have an important responsibility to keep their work credentials safe. After all, the malicious URL leading to the spoofed Office 365 portal could just as easily hide something else, such as a malware-laced download.
This once again raises the importance of conducting regular staff training on existing cyber threats, phishing chief among them, considering it remains the most “popular” attack vector for ransomware operators and many other attackers.
So, what should office workers know in order to think twice before entering their user name and password?
Both employers and their employees shoulder the responsibility of keeping the organization out of hackers’ reach. With cybercrime still on the rise as we move into the second half of 2018, these simple tips are more important than ever. Stay safe!
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.